CVE-2022-36077
Information Disclosure vulnerability in electron (npm)
What is CVE-2022-36077 About?
Electron's `file://` URL redirect handling can delay security checks, potentially exposing sensitive information. If a redirect points to an SMB URL, Windows systems may attempt NTLM authentication, sending hashed credentials. This vulnerability, while not directly exposing file content, can leak sensitive authentication material.
Affected Software
- electron
- >20.0.0-beta.1, <20.0.1
- >19.0.0-beta.1, <19.0.11
- <18.3.7
Technical Details
The vulnerability in Electron arises when a redirect to a `file://` URL occurs from another scheme. Electron delays its security check for such redirects. If the target `file://` URL is a Server Message Block (SMB) path, such as `file://some.website.com/`, on a Windows system, the operating system may automatically attempt NTLM authentication with the specified server. This process can inadvertently send hashed user credentials, leading to information disclosure. Although the content of the file is not directly exposed to the renderer, the NTLM authentication attempt itself constitutes a sensitive information leak.
What is the Impact of CVE-2022-36077?
Successful exploitation may allow attackers to obtain sensitive NTLM hashed credentials from affected Windows systems, leading to unauthorized access or further attacks.
What is the Exploitability of CVE-2022-36077?
Exploitation requires an application built with a vulnerable version of Electron to navigate to a malicious redirect. The complexity is moderate, involving social engineering or control over a webpage displayed in the Electron application. No authentication is explicitly required, and privileges are those of the active user within the Electron context. This is a remote exploitation scenario where a malicious website can trigger the redirect. The primary condition is that the redirect target is a specially crafted SMB URL pointing to an attacker-controlled server on a Windows system. The user's system connecting to an untrusted SMB share heightens the risk.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-36077?
Available Upgrade Options
- electron
- <18.3.7 → Upgrade to 18.3.7
- electron
- >19.0.0-beta.1, <19.0.11 → Upgrade to 19.0.11
- electron
- >20.0.0-beta.1, <20.0.1 → Upgrade to 20.0.1
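For applications that cannot take one of these upgrades immediately, a redirect guard in the main process narrows the exposure described under Technical Details. This is an added example, not code from this page or from the Electron project; `classifyRedirect` and `installRedirectGuard` are hypothetical names, and it assumes the app can hook Electron's `web-contents-created` and `will-redirect` events.

```javascript
// Added example: not code from this page or from the Electron project.
// Classifies a redirect target by where a file:// URL would be fetched from.
function classifyRedirect(target) {
  let url;
  try {
    url = new URL(target);
  } catch {
    return 'invalid';
  }
  if (url.protocol !== 'file:') return 'other';
  // A file:// URL with a host (file://some.website.com/) is a UNC path on
  // Windows, so opening it starts an SMB connection and NTLM authentication.
  return url.hostname ? 'remote-file' : 'local-file';
}

// Hypothetical helper: `app` is Electron's app object, passed in by the caller
// (require('electron').app) so the logic can also be exercised under plain Node.
function installRedirectGuard(app, log = console.warn) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-redirect', (event, url) => {
      const kind = classifyRedirect(url);
      // Cancel every redirect that ends on file://, local or remote, and
      // anything unparseable; ordinary http(s) redirects pass through.
      if (kind !== 'other') {
        event.preventDefault();
        log(`blocked redirect (${kind}): ${url}`);
      }
    });
  });
}

// Constructed sample targets, for illustration only.
const SAMPLE_TARGETS = [
  'https://example.com/next',
  'file:///C:/Users/Public/readme.txt',
  'file://some.website.com/share/doc.txt',
];
for (const t of SAMPLE_TARGETS) console.log(classifyRedirect(t), t);
```

Call `installRedirectGuard(app)` before any window is created so every `WebContents` is covered; logged `remote-file` entries are worth alerting on, since they show a page attempting the redirect this CVE describes.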
Additional Resources
What are Similar Vulnerabilities to CVE-2022-36077?
Similar Vulnerabilities: CVE-2020-15995, CVE-2021-30573, CVE-2020-6506, CVE-2023-34070, CVE-2020-16010
