Code injection

2024-02-0202:15:00

PRIOn knowledge base

www.prio-n.com

miro desktop

code injection

vulnerability

macos

nvd

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.0%

JSON

Miro Desktop 0.8.18 on macOS allows code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).

CPENameOperatorVersion
miroeq0.8.18

CPE	Name	Operator	Version
	miro	eq	0.8.18

References

book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection

github.com/louiselalanne/CVE-2024-23746

miro.com/about/

www.electronjs.org/blog/statement-run-as-node-cves