CVE-2024-23755

high

Description

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.

References

https://www.electronjs.org/docs/latest/tutorial/fuses

https://www.electronjs.org/blog/statement-run-as-node-cves

https://clickup.com/terms/security-policy

https://clickup.com/security/disclosures

Details

Source: Mitre, NVD

Published: 2024-03-23

Updated: 2024-08-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H