CVE-2024-23743 - Vulnerability Details - OpenCVE

ReportizFlow

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Apple	Macos
Notion	Notion

Configuration 1 [-]

AND

cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/V3x0r/CVE-2024-23743
https://github.com/r3ggi/electroniz3r
https://www.electronjs.org/blog/statement-run-as-node-cves

History

Wed, 25 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-250
CPEs		cpe:2.3:a:notion:notion:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-28T00:00:00

Updated: 2024-09-25T18:59:57.914Z

Reserved: 2024-01-21T00:00:00

Link: CVE-2024-23743

Vulnrichment

Updated: 2024-08-01T23:13:07.372Z

NVD

Status : Modified

Published: 2024-01-28T02:15:08.773

Modified: 2024-11-21T08:58:18.013

Link: CVE-2024-23743

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-23743", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-25T18:59:57.914Z", "dateReserved": "2024-01-21T00:00:00", "datePublished": "2024-01-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-02T23:40:04.558606"}, "descriptions": [{"lang": "en", "value": "Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states \"the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/r3ggi/electroniz3r"}, {"url": "https://github.com/V3x0r/CVE-2024-23743"}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.372Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/r3ggi/electroniz3r", "tags": ["x_transferred"]}, {"url": "https://github.com/V3x0r/CVE-2024-23743", "tags": ["x_transferred"]}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-250", "lang": "en", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "affected": [{"vendor": "notion", "product": "notion", "cpes": ["cpe:2.3:a:notion:notion:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T18:31:16.435408Z", "id": "CVE-2024-23743", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:59:57.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/r3ggi/electroniz3r", "tags": ["x_transferred"]}, {"url": "https://github.com/V3x0r/CVE-2024-23743", "tags": ["x_transferred"]}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.372Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23743", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T18:31:16.435408Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:notion:notion:-:*:*:*:*:*:*:*"], "vendor": "notion", "product": "notion", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.1.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:54:02.531Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/r3ggi/electroniz3r"}, {"url": "https://github.com/V3x0r/CVE-2024-23743"}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}], "descriptions": [{"lang": "en", "value": "Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states \"the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-02T23:40:04.558606"}}}, "cveMetadata": {"cveId": "CVE-2024-23743", "state": "PUBLISHED", "dateUpdated": "2024-09-25T18:59:57.914Z", "dateReserved": "2024-01-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-01-28T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:*", "matchCriteriaId": "01AABF72-D84D-4355-8EA2-1951FBB18129", "versionEndIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states \"the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.\""}, {"lang": "es", "value": "Un problema en Notion para macOS versi\u00f3n 3.1.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes RunAsNode y enableNodeClilnspectArguments."}], "id": "CVE-2024-23743", "lastModified": "2024-11-21T08:58:18.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-28T02:15:08.773", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "https://github.com/V3x0r/CVE-2024-23743"}, {"source": "[email protected]", "url": "https://github.com/r3ggi/electroniz3r"}, {"source": "[email protected]", "url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/V3x0r/CVE-2024-23743"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/r3ggi/electroniz3r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-250"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}