Privilege Issues

CVE-2022-23923

High

9.8/10

Summary

All the versions of package jailed are vulnerable to Sandbox Bypass via an exported "alert()" method which can access the main application. Exported methods are stored in the "application.remote" object.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-265 - Privilege Issues

Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.

References

Advisory
Issue

Advisory Timeline

Published May 01, 2022

Privilege Issues

CVE-2022-23923

Summary

CWE-265 - Privilege Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS