Lucene search

[email protected]NVD:CVE-2024-23743

HistoryJan 28, 2024 - 2:15 a.m.

CVE-2024-23743

2024-01-2802:15:08

CWE-250

[email protected]

web.nvd.nist.gov

notion

macos

cve-2024-23743

code execution

vulnerability

electron

node.js

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states “the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.”

Affected configurations

Nvd

Node

notionnotionRange≤3.1.0

AND

applemacosMatch-

VendorProductVersionCPE
notionnotion*cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
notion	notion	*	cpe:2.3:a:notion:notion::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

References

github.com/r3ggi/electroniz3r

github.com/V3x0r/CVE-2024-23743

www.electronjs.org/blog/statement-run-as-node-cves

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2024-23743

prion1 cvelist1 cve1 vulnrichment1