Vulnerability report - please contact #500

Closed
silviavali opened this issue May 8, 2018 · 4 comments

silviavali commented May 8, 2018

I would like to report a vulnerability. Could you please contact me on silviavali14@gmail.com as I did not manage to find any e-mail from your repo to contact you.

Best,
Silvia

@laurent22
Owner

Contacted, and keeping the issue open for further reference.

@laurent22
Owner

Fix will be available in next release.

@laurent22 laurent22 reopened this May 9, 2018
@foxmask
Contributor

foxmask commented May 10, 2018

1.0.90 released

@foxmask foxmask closed this as completed May 10, 2018
@silviavali
Author

silviavali commented May 10, 2018

"XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process"

Fixed in version 1.0.90
Vulnerable field: Note content field

As Electron-based applications are built using web technologies like HTML, CSS and JS, they are also prone to web-based attacks. If a cross-site scripting (XSS) vulnerability is found in an Electron application where node integration has been enabled for that particular BrowserWindow instance (XSS + `nodeIntegration: true` under webPreferences), the attacker has the capability to require node modules like 'os', etc., and hence access operating system native primitives. This allows XSS in Electron applications to evolve into code execution.

Payload used for PoC:

```html
"><img src=1 onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
```

[Image: joplin2]

Good reference to Electron related issues:
https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
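
The setting this report hinges on, shown as an added example that is not part of the original issue or of Joplin's code: a small audit of the `webPreferences` object passed to a BrowserWindow, run on a weak configuration beside a hardened one. It assumes unset options fall back to permissive legacy defaults (`LEGACY_DEFAULTS`, constructed here); `auditWebPreferences` and `xssReachesNode` are hypothetical helper names.

```javascript
// Added example: audit the webPreferences given to `new BrowserWindow({ webPreferences })`.
// The option names are real Electron webPreferences keys. LEGACY_DEFAULTS is an
// assumption: it models an Electron release where unset options are permissive.
const LEGACY_DEFAULTS = { nodeIntegration: true, contextIsolation: false, sandbox: false };

// Each rule names the value a renderer that displays untrusted content should have.
const RULES = [
  { key: 'nodeIntegration', safe: false,
    why: 'page scripts can call require() and reach Node modules such as os' },
  { key: 'contextIsolation', safe: true,
    why: 'preload scripts and page scripts share one JavaScript context' },
  { key: 'sandbox', safe: true,
    why: 'the renderer process runs without the Chromium sandbox' },
];

// Returns one finding per option whose effective value is not the safe one.
// An option that is not set explicitly is judged by the supplied defaults.
function auditWebPreferences(prefs = {}, defaults = LEGACY_DEFAULTS) {
  const findings = [];
  for (const { key, safe, why } of RULES) {
    const explicit = Object.prototype.hasOwnProperty.call(prefs, key);
    const effective = explicit ? prefs[key] : defaults[key];
    if (effective !== safe) {
      findings.push({ key, effective, explicit, why });
    }
  }
  return findings;
}

// True when an XSS in this window would also have Node's require() available,
// which is the escalation described in the report above.
function xssReachesNode(findings) {
  return findings.some((f) => f.key === 'nodeIntegration');
}

// Constructed sample configurations (not taken from any real application).
const weakWindow = { webPreferences: {} };
const hardenedWindow = {
  webPreferences: { nodeIntegration: false, contextIsolation: true, sandbox: true },
};

for (const [name, opts] of Object.entries({ weakWindow, hardenedWindow })) {
  const findings = auditWebPreferences(opts.webPreferences);
  console.log(name, 'xssReachesNode =', xssReachesNode(findings));
  for (const f of findings) console.log(`  ${f.key}=${f.effective}: ${f.why}`);
}
```

Passing the defaults of the Electron version actually in use as the second argument keeps the result accurate for that release.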

@lock lock bot locked and limited conversation to collaborators Oct 16, 2019