CVE-2023-40299

Exploit

EPSS 0.04%
Published 04.10.2023 22:15:09
Last modified 21.11.2024 08:19:11
Source cve@mitre.org
Teams watchlist Login
Open Login

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Konghq ≫ Insomnia Version2023.4.0

Apple ≫ macOS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

https://github.com/Kong/insomnia/pull/6217/commits

Patch

https://github.com/Kong/insomnia/releases

Release Notes

https://insomnia.rest/changelog

Release Notes

https://www.angelystor.com/posts/cve-2023-40299/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-40299

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40299

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40299

EUVD