Lucene search

[email protected]NVD:CVE-2024-23739

HistoryJan 28, 2024 - 3:15 a.m.

CVE-2024-23739

2024-01-2803:15:07

[email protected]

web.nvd.nist.gov

discord

macos

vulnerability

remote code execution

runasnode

enablenodeclilnspectarguments

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Affected configurations

Nvd

Node

discorddiscordRange≤0.0.291

AND

applemacosMatch-

VendorProductVersionCPE
discorddiscord*cpe:2.3:a:discord:discord:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
discord	discord	*	cpe:2.3:a:discord:discord::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

References

github.com/V3x0r/CVE-2024-23739

www.electronjs.org/blog/statement-run-as-node-cves

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Related for NVD:CVE-2024-23739

cve1 prion1 cvelist1