CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12079

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile27.71th
PublishedApr 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.

Affected Platforms (CPE)

πŸ“¦
Beakerbrowser

Beaker

< 0.8.9

References & Advisories

πŸ”— https://github.com/beakerbrowser/beaker/issues/1519
πŸ”— https://github.com/beakerbrowser/beaker/releases/tag/0.8.9
πŸ”— https://github.com/beakerbrowser/beaker/issues/1519
πŸ”— https://github.com/beakerbrowser/beaker/releases/tag/0.8.9

Related Vulnerabilities

CVE-2013-74896.8

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code ...

CVE-2019-103985.5

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins maste...

CVE-2015-31625.4

Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenti...

CVE-2015-31614.8

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producin...