CVE-2023-40299

Exploit

EPSS 0.04%
Veröffentlicht 04.10.2023 22:15:09
Zuletzt bearbeitet 21.11.2024 08:19:11
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Konghq ≫ Insomnia Version2023.4.0

Apple ≫ macOS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

https://github.com/Kong/insomnia/pull/6217/commits

Patch

https://github.com/Kong/insomnia/releases

Release Notes

https://insomnia.rest/changelog

Release Notes

https://www.angelystor.com/posts/cve-2023-40299/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-40299

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40299

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40299

EUVD