CVE-2022-29247
Privilege Escalation vulnerability in electron (npm)


What is CVE-2022-29247 About?

This vulnerability in Electron allows a renderer with JavaScript execution to gain access to a new renderer process with `nodeIntegrationInSubFrames` enabled, potentially leading to privilege escalation. This can allow effective access to `ipcRenderer` and compromise the application or user, even within a sandbox. Exploitation requires JS execution in a renderer process and insufficient IPC message validation.

Affected Software

  • electron
    • >17.0.0, <17.2.0
    • >16.0.0, <16.2.6
    • <15.5.5
    • >18.0.0-beta.1, <18.0.0-beta.6

Technical Details

The vulnerability arises when an Electron renderer process with existing JavaScript execution capabilities is able to spawn or gain access to a new renderer process where `nodeIntegrationInSubFrames` is enabled. Although `nodeIntegrationInSubFrames` itself doesn't grant full Node.js access in a sandboxed application, it does provide access to the sandboxed renderer APIs, crucially including `ipcRenderer`. If the Electron application then exposes IPC messages that perform privileged actions or return confidential data without proper `senderFrame` validation, the attacker, now having access to `ipcRenderer` from their exploited renderer, can invoke these sensitive IPC messages. This allows a circumvention of the sandbox, leading to privilege escalation or data exposure within the application context.
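The application-side control this section names, validating `senderFrame` before a privileged IPC handler runs, as an added example (not Electron's code and not from the advisory). It is plain Node.js so it runs without Electron: `makeGuardedHandler` wraps a listener intended for `ipcMain.handle()`, and the mock events at the bottom are constructed stand-ins for the `IpcMainInvokeEvent` objects Electron would pass. The trusted origins `app://main` and `https://app.example.test`, the `readSecret` channel and the secret value are assumptions made for the example.

```javascript
'use strict';

// Origins allowed to invoke privileged IPC channels. Assumption for this
// example: the app serves its UI from a custom "app://main" scheme and one
// https origin. A real app substitutes its own.
const TRUSTED_ORIGINS = new Set(['app://main', 'https://app.example.test']);

// Extract "scheme://host[:port]" from a frame URL, or null when the URL has
// no hierarchical host (data:, blob:, about:blank, javascript:) or does not
// parse. URL.origin is not used because it is "null" for custom schemes.
function frameOrigin(frameUrl) {
  let url;
  try {
    url = new URL(String(frameUrl));
  } catch {
    return null;
  }
  if (!url.host) return null;
  return `${url.protocol}//${url.host}`;
}

// Validate the sending frame of an IpcMainInvokeEvent / IpcMainEvent.
// Returns { ok: true } or { ok: false, reason }.
function checkSender(event, { trustedOrigins = TRUSTED_ORIGINS, mainFrameOnly = true } = {}) {
  const frame = event && event.senderFrame;
  if (!frame) return { ok: false, reason: 'no senderFrame' };
  const origin = frameOrigin(frame.url);
  if (origin === null) return { ok: false, reason: 'opaque or unparsable frame URL' };
  if (!trustedOrigins.has(origin)) return { ok: false, reason: `untrusted origin ${origin}` };
  // Privileged channels should normally be reachable only from the top-level
  // document, never from an iframe (the sub-frame case this advisory covers).
  if (mainFrameOnly && event.sender && frame !== event.sender.mainFrame) {
    return { ok: false, reason: 'sender is a sub-frame' };
  }
  return { ok: true };
}

// Wrap a privileged handler so it runs only for validated senders. Throwing
// inside an ipcMain.handle() listener rejects the renderer's invoke() promise.
function makeGuardedHandler(handler, options) {
  return (event, ...args) => {
    const verdict = checkSender(event, options);
    if (!verdict.ok) {
      // Keep the detail in the main process log; give the renderer a generic error.
      console.warn(`ipc: rejected privileged request (${verdict.reason})`);
      throw new Error('ipc: request rejected');
    }
    return handler(event, ...args);
  };
}

// Constructed mock events standing in for what Electron would pass. A
// sub-frame event carries a senderFrame that is not the sender's mainFrame.
function mockEvent(frameUrl, { isMainFrame = true } = {}) {
  const mainFrame = { url: isMainFrame ? frameUrl : 'https://app.example.test/index.html' };
  const senderFrame = isMainFrame ? mainFrame : { url: frameUrl };
  return { senderFrame, sender: { mainFrame } };
}

// A privileged handler that must never be reachable from an untrusted frame.
const readSecret = makeGuardedHandler(() => 'constructed-secret-value');

// Exercise the guard with several senders and report which ones got through.
function runDemo() {
  const cases = {
    trustedMain: mockEvent('https://app.example.test/index.html'),
    customScheme: mockEvent('app://main/index.html'),
    trustedSubframe: mockEvent('https://app.example.test/widget.html', { isMainFrame: false }),
    foreignSubframe: mockEvent('https://evil.example.test/', { isMainFrame: false }),
    opaqueFrame: mockEvent('about:blank', { isMainFrame: false }),
  };
  const results = {};
  for (const [name, event] of Object.entries(cases)) {
    try {
      results[name] = readSecret(event);
    } catch (err) {
      results[name] = 'REJECTED';
    }
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) console.log(runDemo());
```

In a real main process the wrapped listener is registered with `ipcMain.handle('read-secret', readSecret)`; the origin allow-list and the main-frame-only rule are the two checks the handler would otherwise lack, and `mainFrameOnly: false` can be passed for channels that legitimately serve trusted iframes.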

What is the Impact of CVE-2022-29247?

Successful exploitation may allow attackers with JavaScript execution in a renderer process to obtain elevated privileges, access sensitive data, or perform unauthorized actions within the Electron application, even when sandboxing is enabled.

What is the Exploitability of CVE-2022-29247?

Exploitation requires an initial foothold where an attacker can execute JavaScript within an Electron renderer process. The complexity is medium, relying on chaining this initial access with the `nodeIntegrationInSubFrames` setting and vulnerable IPC message handling. Authentication to the Electron application is likely required if the initial JavaScript execution depends on a logged-in session. No specific system-level privileges are needed, as the attack operates within the application's process context. This is typically a local exploitation scenario, though the initial JS execution might be achieved remotely via XSS or similar vulnerabilities. Special conditions include `nodeIntegrationInSubFrames` being enabled and the application's IPC message handlers lacking proper `senderFrame` validation. The risk is significantly increased in applications that handle sensitive data, perform privileged system operations via IPC, or have an existing XSS vulnerability in a renderer.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
(No known exploits)

What are the Available Fixes for CVE-2022-29247?

Available Upgrade Options

  • electron
    • <15.5.5 → Upgrade to 15.5.5
    • >16.0.0, <16.2.6 → Upgrade to 16.2.6
    • >17.0.0, <17.2.0 → Upgrade to 17.2.0
    • >18.0.0-beta.1, <18.0.0-beta.6 → Upgrade to 18.0.0-beta.6


Additional Resources

What are Similar Vulnerabilities to CVE-2022-29247?

Similar Vulnerabilities: CVE-2021-3444, CVE-2020-15999, CVE-2020-15383, CVE-2020-14300, CVE-2019-1402