Name of the Vulnerable Software and Affected Versions:
GitKraken Desktop versions 10.8.0 and 11.1.0
Description:
GitKraken Desktop is susceptible to code injection due to misconfigured Electron Fuses. Insecure settings, specifically `RunAsNode` being enabled and `EnableNodeCliInspectArguments` not being disabled, allow the application to be executed in Node.js mode. This enables attackers to pass arguments that result in arbitrary code execution.
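A defender can confirm the fuse state described above by reading the fuse wire embedded in the Electron binary. The following is an added example, not code from GitKraken or the Electron project; it assumes the version 1 wire layout used by the `@electron/fuses` tool (sentinel string, version byte, length byte, one ASCII state byte per fuse), and the sample bytes are constructed.

```javascript
// Read-only audit of the Electron fuse wire in an application binary.
// Assumed layout (as written by @electron/fuses): sentinel, version, length, states.
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX');
const STATES = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed', 0x90: 'inherit' };
// Names of the first four fuses in wire version 1, by index.
const FUSES = ['RunAsNode', 'EnableCookieEncryption',
  'EnableNodeOptionsEnvironmentVariable', 'EnableNodeCliInspectArguments'];
// The two fuses the advisory names; both must be explicitly disabled.
const MUST_BE_OFF = ['RunAsNode', 'EnableNodeCliInspectArguments'];

function readFuses(binary) {
  const at = binary.indexOf(SENTINEL);
  if (at === -1) throw new Error('fuse sentinel not found');
  if (binary.indexOf(SENTINEL, at + 1) !== -1) {
    throw new Error('multiple sentinels (e.g. universal binary); audit each slice');
  }
  const start = at + SENTINEL.length;
  if (start + 2 > binary.length) throw new Error('truncated fuse wire header');
  const version = binary[start];
  const length = binary[start + 1];
  const wire = binary.subarray(start + 2, start + 2 + length);
  if (wire.length !== length) throw new Error('truncated fuse wire');
  const fuses = {};
  wire.forEach((b, i) => {
    fuses[FUSES[i] || `fuse#${i}`] = STATES[b] || `unknown(0x${b.toString(16)})`;
  });
  return { version, fuses };
}

// Returns the names of advisory-relevant fuses that are not explicitly disabled.
function auditFuses(binary) {
  const { version, fuses } = readFuses(binary);
  if (version !== 1) throw new Error(`unsupported fuse wire version ${version}`);
  return MUST_BE_OFF.filter((name) => fuses[name] !== 'disabled');
}

// Constructed sample bytes, not taken from any real build.
function sampleBinary(states) {
  return Buffer.concat([Buffer.from('padding-before'), SENTINEL,
    Buffer.from([1, states.length]), Buffer.from(states, 'latin1'),
    Buffer.from('padding-after')]);
}
const weak = sampleBinary('1011');     // RunAsNode and inspect arguments enabled
const hardened = sampleBinary('0100'); // both disabled, cookie encryption on

console.log('weak:', auditFuses(weak));
console.log('hardened:', auditFuses(hardened));
```

To audit an installed application, pass `auditFuses` the bytes of the Electron executable (on macOS, the Electron Framework binary inside the app bundle); an empty result means both fuses named in the advisory are disabled.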
Recommendations:
GitKraken Desktop version 10.8.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
GitKraken Desktop version 11.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.