Lucene search

[email protected]CVE-2019-17051

HistorySep 30, 2019 - 8:15 p.m.

CVE-2019-17051

2019-09-3020:15:10

CWE-732

[email protected]

web.nvd.nist.gov

1655

cve-2019-17051

evernote

macos

code execution

com.apple.quarantine

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.3%

JSON

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

Affected configurations

NVD

Node

evernoteevernoteRange<7.13macos

CPENameOperatorVersion
evernote:evernoteevernotelt7.13

CPE	Name	Operator	Version
evernote:evernote	evernote	lt	7.13

References

evernote.com/security/updates#MACOSNOTE-28956

www.youtube.com/watch?v=OG2tKlZX5bg

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for CVE-2019-17051

hackerone1 nvd1 prion1 cvelist1