CVE-2024-23743

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."

Un problema en Notion para macOS versión 3.1.0 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de los componentes RunAsNode y enableNodeClilnspectArguments.

*Credits: N/A

CVSS Scores

NISTv3.1 3.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-21 CVE Reserved
2024-01-25 First Exploit
2024-01-28 CVE Published
2024-03-03 EPSS Updated
2024-09-25 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-250: Execution with Unnecessary Privileges

CAPEC

References (4)

URL	Tag	Source
https://github.com/r3ggi/electroniz3r
https://www.electronjs.org/blog/statement-run-as-node-cves

URL	Date	SRC
https://github.com/giovannipajeu1/CVE-2024-23743	2024-01-25
https://github.com/V3x0r/CVE-2024-23743	2024-09-25

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Notion Search vendor "Notion"	Notion Search vendor "Notion" for product "Notion"	<= 3.1.0 Search vendor "Notion" for product "Notion" and version " <= 3.1.0"	-	Affected	in	Apple Search vendor "Apple"	Macos Search vendor "Apple" for product "Macos"	-	-	Safe