ГлавнаяУязвимости → CVE-2024-23755
8.8высокая

CVE-2024-23755

Описание

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.

Затрагиваемое ПО
Clickup ClickupApple MacosMicrosoft Windows
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://clickup.com/security/disclosureshttps://clickup.com/terms/security-policyhttps://www.electronjs.org/blog/statement-run-as-node-cveshttps://www.electronjs.org/docs/latest/tutorial/fuseshttps://clickup.com/security/disclosureshttps://clickup.com/terms/security-policyhttps://www.electronjs.org/blog/statement-run-as-node-cveshttps://www.electronjs.org/docs/latest/tutorial/fuses