Lucene search

MitreCVE-2018-20058

HistoryDec 11, 2018 - 9:29 a.m.

CVE-2018-20058

2018-12-1109:29:00

CWE-22

mitre

web.nvd.nist.gov

1005

evernote

macos

7.6

local file path traversal

attachment previewing

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.

Affected configurations

Nvd

Node

evernoteevernoteRange<7.6macos

VendorProductVersionCPE
evernoteevernote*cpe:2.3:a:evernote:evernote:*:*:*:*:*:macos:*:*

Vendor	Product	Version	CPE
evernote	evernote	*	cpe:2.3:a:evernote:evernote::::::macos::*

References

evernote.com/security/updates

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Related for CVE-2018-20058