Lucene search

MitreCVE-2024-23743

HistoryJan 28, 2024 - 2:15 a.m.

CVE-2024-23743

2024-01-2802:15:08

CWE-250

mitre

web.nvd.nist.gov

110

cve-2024-23743

notion

macos

remote code execution

security vulnerability

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states “the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.”

Affected configurations

Nvd

Node

notionnotionRange≤3.1.0

AND

applemacosMatch-

VendorProductVersionCPE
notionnotion*cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
notion	notion	*	cpe:2.3:a:notion:notion::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

References

github.com/r3ggi/electroniz3r

github.com/V3x0r/CVE-2024-23743

www.electronjs.org/blog/statement-run-as-node-cves

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Related for CVE-2024-23743