CVE-2020-15215

MEDIUM

Electron <11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 - Privilege Escalation

Title source: llm

Description

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Exploits (1)

nomisec 16 stars

by NishantIyer · poc

https://github.com/NishantIyer/CVE-2020-15215-Discord-POC

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory x_refsource_confirm

https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8

Scores

CVSS v3 5.6

EPSS 0.0028

EPSS Percentile 51.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-693 CWE-668

Status published

Products (22)

electronjs/electron 8.0.0 (11 CPE variants)

electronjs/electron 8.0.1

electronjs/electron 8.0.2

electronjs/electron 8.0.3

electronjs/electron 8.1.0

electronjs/electron 8.1.1

electronjs/electron 8.2.0

electronjs/electron 8.2.1

electronjs/electron 8.2.2

electronjs/electron 8.2.3

... and 12 more

Published Oct 06, 2020

Tracked Since Feb 18, 2026