CVE-2023-50975

Published: Feb 21, 2024Modified: May 6, 2025

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.

Affected (1)

Products: Td: Advanced Dashboard

1 product

Advanced Dashboard

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Td Advanced Dashboard	Up to 3.0.3

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://gist.github.com/khronokernel/2598c067d0f49b0f0a4c8b01cf129d34

Source: cve@mitre.org

Third Party Advisory

https://newsroom.ripeda.com/tag/macs-for-business/

Source: cve@mitre.org

Broken Link

https://www.electronjs.org/blog/statement-run-as-node-cves

Source: cve@mitre.org

Issue Tracking

https://gist.github.com/khronokernel/2598c067d0f49b0f0a4c8b01cf129d34

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://newsroom.ripeda.com/tag/macs-for-business/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.electronjs.org/blog/statement-run-as-node-cves

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.