Miro
All Systems Operational

About This Site

The status of Miro and all related services is constantly monitored and displayed on this site. If you're having trouble accessing Miro and there is no information posted here, please contact us via this form.

Feel free to sign up for updates to receive information about upcoming scheduled maintenance.

Web Site Operational
90 days ago
100.0 % uptime
Today
Log in ability Operational
90 days ago
99.69 % uptime
Today
Application Operational
90 days ago
99.69 % uptime
Today
Billing Operational
Mail System Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Past Incidents
Feb 27, 2024

No incidents reported today.

Feb 26, 2024

No incidents reported.

Feb 25, 2024

No incidents reported.

Feb 24, 2024

No incidents reported.

Feb 23, 2024

No incidents reported.

Feb 22, 2024

No incidents reported.

Feb 21, 2024

No incidents reported.

Feb 20, 2024

No incidents reported.

Feb 19, 2024

No incidents reported.

Feb 18, 2024

No incidents reported.

Feb 17, 2024

No incidents reported.

Feb 16, 2024

No incidents reported.

Feb 15, 2024
Resolved - We want to provide an update on the recently reported CVE-2024-23748, a vulnerability which relates to certain configurations of the ElectronJS framework and has the potential to impact a number of applications, including Miro.

The security of our users and our product is critically important to us here at Miro, and we take these reports seriously. We have thoroughly researched the potential impact of this vulnerability on the Miro client to clearly understand any exposure it might create. Based on our investigations, we believe that the potential impact is not as severe as reported. We have found an attacker must already have the ability to run applications on a user’s computer to potentially execute code in the context of the Miro application as also clarified in ElectronsJS blog post describing the underlying vulnerability. We have addressed this vulnerability by releasing an updated, patched version of the Miro macOS application.

We strongly encourage users to update to the latest version (0.8.39), which contains the patch for this vulnerability. Most users will receive the update automatically through a restart, but enterprises who centrally manage and distribute their updates will need to proactively update to the latest version.

Additionally, based on our investigation, we believe that the statement from the NVD [1] that this is Remote Code Execution (RCE) is incorrect, as an attacker requires local access to the user’s machine in order to execute this attack. Using a standard CVSS calculation, we consider the rating for this vulnerability to be a Medium. Miro has since contacted the NVD to dispute the accuracy and completeness of the information published.


Resources

[1] Miro CVE - https://nvd.nist.gov/vuln/detail/CVE-2024-23746
[2] Official Electron statement - https://www.electronjs.org/blog/statement-run-as-node-cves

Feb 15, 19:02 UTC
Feb 14, 2024

No incidents reported.

Feb 13, 2024

No incidents reported.