{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-36077","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","dateUpdated":"2025-04-23T16:40:13.698Z","dateReserved":"2022-07-15T00:00:00.000Z","datePublished":"2022-11-08T00:00:00.000Z"},"containers":{"cna":{"title":"Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect","providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2022-11-08T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround."}],"affected":[{"vendor":"electron","product":"electron","versions":[{"version":">= v21.0.0-nightly.20220526, < 21.0.0-beta.1","status":"affected"},{"version":">= 20.0.0-beta.1, < 20.0.1","status":"affected"},{"version":">= 19.0.0-beta.1, < 19.0.11","status":"affected"},{"version":"< 18.3.7","status":"affected"}]}],"references":[{"url":"https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-522: Insufficiently Protected Credentials","cweId":"CWE-522"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}],"source":{"advisory":"GHSA-p2jh-44qj-pf2v","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:52:00.538Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T15:49:23.434463Z","id":"CVE-2022-36077","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-23T16:40:13.698Z"}}]}}