CVE-2023-44141 - OpenCVE

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Inkdrop	Inkdrop

Configuration 1 [-]

OR	cpe:2.3:a:inkdrop:inkdrop::::::::
	cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta0::::::
	cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta1::::::
	cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta2::::::
	cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta3::::::
	cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta4::::::

References

Link	Resource
https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211	Release Notes
https://jvn.jp/en/jp/JVN48057522/	Third Party Advisory
https://www.inkdrop.app/	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-10-30T03:42:18.099Z

Updated: 2023-10-30T03:42:18.099Z

Reserved: 2023-09-26T06:46:01.793Z

Link: CVE-2023-44141

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-30T04:15:10.340

Modified: 2023-11-06T15:08:19.577

Link: CVE-2023-44141

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inkdrop:inkdrop:*:*:*:*:*:*:*:*", "matchCriteriaId": "75B042EC-8776-4B5D-8460-6D242388B515", "versionEndExcluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "3E8B3AD4-E46C-4D5E-B7F6-E1B66B2433E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "BB6F9123-23BB-4430-865F-89A5689F2DF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "30E256CC-8994-49D6-9A29-DAC7E55021CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "2995323B-30A1-4CF2-B5DA-4471BA1CEFEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "2ED3C054-3F19-45C3-AB83-620A1F5C1785", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file."}, {"lang": "es", "value": "Inkdrop anterior a v5.6.0 permite a un atacante local realizar un ataque de inyecci\u00f3n de c\u00f3digo haciendo que un usuario leg\u00edtimo abra un archivo de markdown especialmente manipulado."}], "id": "CVE-2023-44141", "lastModified": "2023-11-06T15:08:19.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-30T04:15:10.340", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Release Notes"], "url": "https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN48057522/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.inkdrop.app/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}