Vulnerability Description
ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clickup | Clickup | < 3.3.77 |
| Apple | Macos | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://clickup.com/security/disclosuresVendor Advisory
- https://clickup.com/terms/security-policyNot Applicable
- https://www.electronjs.org/blog/statement-run-as-node-cvesNot Applicable
- https://www.electronjs.org/docs/latest/tutorial/fusesNot Applicable
- https://clickup.com/security/disclosuresVendor Advisory
- https://clickup.com/terms/security-policyNot Applicable
- https://www.electronjs.org/blog/statement-run-as-node-cvesNot Applicable
- https://www.electronjs.org/docs/latest/tutorial/fusesNot Applicable
FAQ
What is CVE-2024-23755?
CVE-2024-23755 is a vulnerability with a CVSS score of 8.8 (HIGH). ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.
How severe is CVE-2024-23755?
CVE-2024-23755 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23755?
Check the references section above for vendor advisories and patch information. Affected products include: Clickup Clickup, Apple Macos, Microsoft Windows.