PT-2023-28296 · Unknown+1 · Webcatalog+1
Itssixtyn3In
Published: 2023-09-27 · Updated: 2024-02-02
CVE-2023-42222
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WebCatalog versions prior to 49.0
Description
The issue arises from WebCatalog calling the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This leads to incorrect access control.
Recommendations
For versions prior to 49.0, update to version 49.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Electron shell.openExternal function until a patch is available.
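One way to enforce the missing http/https check in front of shell.openExternal, shown as an added example that is not WebCatalog's or Electron's own code. The names vetExternalUrl, makeSafeOpener and ALLOWED_PROTOCOLS are hypothetical, and the shell object is passed in so the wrapper can be exercised outside Electron.

```javascript
// Added example: scheme allowlist in front of Electron's shell.openExternal.
// All names here are hypothetical; this is not WebCatalog code.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Parse with the WHATWG URL parser instead of string-prefix matching, so that
// case, leading whitespace and control characters are normalized before the
// scheme is compared. Returns the normalized URL, or null if it is rejected.
function vetExternalUrl(raw) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (!url.hostname) return null; // defensive: http(s) must name a host
  return url.href;
}

// Wrap a shell-like object so every caller goes through the check.
// In an Electron main process, pass require('electron').shell as `shell`.
// onReject is an optional hook for logging refused URLs.
function makeSafeOpener(shell, onReject = () => {}) {
  return async function openExternalSafely(raw) {
    const vetted = vetExternalUrl(raw);
    if (vetted === null) {
      onReject(raw);
      return false; // nothing is handed to the OS
    }
    await shell.openExternal(vetted); // only the normalized http(s) URL
    return true;
  };
}
```

Routing every call site through the wrapper, rather than calling shell.openExternal directly, keeps the check from being skipped in the "some circumstances" the description mentions.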
Affected Products
Electron
Webcatalog