CVE-2024-21625

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sidequestvr:sidequest:*:*:*:*:*:*:*:*

History

11 Jan 2024, 16:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:sidequestvr:sidequest::::::::
References	~~() https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7 -~~	() https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7 - Vendor Advisory
First Time		Sidequestvr Sidequestvr sidequest

04 Jan 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-04 15:15

Updated : 2024-02-28 20:54

NVD link : CVE-2024-21625

Mitre link : CVE-2024-21625

CVE.ORG link : CVE-2024-21625

JSON object : View

Products Affected

sidequestvr

sidequest

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-21625", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-04T15:15:11.030", "references": [{"url": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly."}, {"lang": "es", "value": "SideQuest es un lugar para conseguir aplicaciones de realidad virtual para Oculus Quest. La aplicaci\u00f3n de escritorio SideQuest utiliza enlaces profundos con un protocolo personalizado (`sidequest://`) para activar acciones en la aplicaci\u00f3n desde su contenido web. Debido a que, antes de la versi\u00f3n 0.10.35, las URL de los enlaces profundos no se sanitizaban adecuadamente en todos los casos, se puede lograr una ejecuci\u00f3n remota de c\u00f3digo con un solo clic en los casos en que cuando un dispositivo est\u00e1 conectado, al usuario se le presenta un enlace malicioso y hace clic en \u00e9l. desde dentro de la aplicaci\u00f3n. A partir de la versi\u00f3n 0.10.35, los enlaces de protocolo personalizados dentro de la aplicaci\u00f3n electr\u00f3nica ahora se analizan y sanitizan correctamente."}], "lastModified": "2024-01-11T16:52:43.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sidequestvr:sidequest:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48037EDB-FCDF-432F-A461-BBBE656927E6", "versionEndExcluding": "0.10.35"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}