Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneAjdumanhugH1:822609
HistoryMar 18, 2020 - 2:09 a.m.

Evernote: One Click Code Execution via File

2020-03-1802:09:03
ajdumanhug
hackerone.com
79

EPSS

0.001

Percentile

42.3%

JSON

This issue was reported to Evernote by @ajdumanhug and fixed in November 2019. This disclosure is a copy of the original, and is for historical purposes only.

Overview

The Open with Terminal functional is vulnerable to One Click Code Execution. Tested the vulnerability using the Mac Desktop App version Mac 7.13 and below.

It happens because they don’t add com.apple.quarantine meta-attribute for downloaded files to avoid the execution of terminal files.

I already reported this to Evernote, and I just wanted to report it here to ask for disclosure.

Proof of Concept

https://www.youtube.com/watch?v=OG2tKlZX5bg&feature=youtu.be

Supporting Material/References:

https://discussion.evernote.com/topic/121459-evernote-for-mac-713/
https://evernote.com/security/updates#MACOSNOTE-28956
https://www.cvedetails.com/cve/CVE-2019-17051/

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2019-17051
2019-09-30 20:15:10
prion
prion
Remote code execution
2019-09-30 20:15:00
cvelist
cvelist
CVE-2019-17051
2019-09-30 19:05:56
cve
cve
CVE-2019-17051
2019-09-30 20:15:10

EPSS

0.001

Percentile

42.3%

JSON
Related for H1:822609
nvd1prion1cvelist1cve1