CVE-2024-23755

Name of the Vulnerable Software and Affected Versions ClickUp Desktop versions prior to 3.3.77

Description The issue allows code injection due to specific Electron Fuses, with inadequate protection against code injection through settings such as RunAsNode. This affects both macOS and Windows versions. With over 10 million users, the risk of exploitation is significant, potentially allowing local attackers to access sensitive data.

Recommendations For ClickUp Desktop versions prior to 3.3.77, update to version 3.3.77 or later to resolve the issue. As a temporary workaround, consider restricting access to settings such as RunAsNode to minimize the risk of exploitation.