CVE-2023-49314
N/A
N/A
Summary
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://asana.com/pt/download
- https://github.com/r3ggi/electroniz3r
- https://www.electronjs.org/docs/latest/tutorial/fuses
- https://github.com/louiselalanne/CVE-2023-49314
- https://github.com/electron/fuses
- https://www.electronjs.org/blog/statement-run-as-node-cves
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://asana.com/pt/download
- https://github.com/r3ggi/electroniz3r
- https://www.electronjs.org/docs/latest/tutorial/fuses
- https://github.com/louiselalanne/CVE-2023-49314
- https://github.com/electron/fuses
- https://www.electronjs.org/blog/statement-run-as-node-cves
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.