{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23597",
        "STATE": "PUBLIC",
        "TITLE": "Remote program execution with user interaction"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/vector-im/element-desktop/security/advisories/GHSA-mjrg-9f8r-h3m7",
                "refsource": "CONFIRM",
                "url": "https://github.com/vector-im/element-desktop/security/advisories/GHSA-mjrg-9f8r-h3m7"
            },
            {
                "name": "https://github.com/vector-im/element-desktop/commit/89b1e39b801655e595337708d4319ba4313feafa",
                "refsource": "MISC",
                "url": "https://github.com/vector-im/element-desktop/commit/89b1e39b801655e595337708d4319ba4313feafa"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-mjrg-9f8r-h3m7",
        "discovery": "UNKNOWN"
    }
}