CVE-2020-15215
MEDIUMElectron <11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 - Privilege Escalation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-15215. PoCs published by NishantIyer.
AI-analyzed exploit summary This repository provides a detailed technical analysis and validation harness for CVE-2020-15215, focusing on Electron boundary hardening and context isolation bypass in Discord. It includes a comprehensive breakdown of the vulnerability context, repository topology, and validation functionality without containing functional exploit code.
Description
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Exploits (1)
This repository provides a detailed technical analysis and validation harness for CVE-2020-15215, focusing on Electron boundary hardening and context isolation bypass in Discord. It includes a comprehensive breakdown of the vulnerability context, repository topology, and validation functionality without containing functional exploit code.
References (1)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L