Critical Local File Read in Electron Desktop App

Renwa found a vulnerability in our Asana Desktop app that allowed a malicious actor to read local machine files that the user running the Asana Desktop app has access to if redirected to a malicious URL. We fixed this vulnerability within hours of the report and deployed a new Asana Desktop release within the next few days with the patch.

We track Bugcrowd submissions internally but we didn’t follow up with this submission and close it out until a few months after the fix. We’ve been working on closing that process gap to ensure that we quickly respond to all our security researchers.

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Microsoft Disclosed Remote Memory Corruption Flaw in ChromeOS

CVE-2022-22715 WINDOWS DIRTY PIPE Writeup with Exploit