PT-2022-18119 · Asana · Asana Desktop

Hector Peralta

Published

2022-04-09

Updated

2022-04-14

CVE-2022-26877

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Asana Desktop versions prior to 1.6.0

Description The issue allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.

Recommendations For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2022-26877

Affected Products

Asana Desktop

PT-2022-18119 · Asana · Asana Desktop

CVE-2022-26877

Weakness Enumeration

Related Identifiers

Affected Products

References · 6