WDC-24004 - WD Discovery Desktop App Version 5.0.589

WD Discovery Desktop App Version 5.0.589

WDC Tracking Number: WDC-24004
Product Line/Web: WD Discovery
Published: August 2, 2024

Last Updated: August 2, 2024

Description

WD Discovery Desktop App Version 5.0.589 includes updates to help improve the security of your Western Digital software.

Users will be automatically prompted to accept the update or they can download the latest version from the WD Discovery Downloads page or by following the instructions on the WD Discovery: Online User Guide.

Product Impact

Minimum Fix Version

Last Updated

WD Discovery for Mac

5.0.589

July 31, 2024

WD Discovery for Windows

5.0.589

July 31, 2024

Advisory Summary

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing an environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron.

CVE Number: CVE-2024-22169

Western Digital would like to thank YoKo Kho, Fahad Alamri, and AbdulKarim from HakTrak Cybersecurity Squad for reporting this issue.

Add up to 4 products

{{ skuObj.title.length

Compare

Details & Exclusions

Sign In

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

WD Discovery Desktop App Version 5.0.589

Description

Advisory Summary

News and updates straight to your inbox