Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

CVE-2022-29281: A Remote Code Execution Vulnerability in Notable (v1.9.0-beta.7 and earlier)

Information

  • Vulnerability: Remote Code Execution
  • Affected products: Notable v1.9.0-beta.7 and earlier

Summary

A Remote Code Execution (RCE) vulnerability exists in Notable (v1.9.0-beta.7 and earlier) due to improper validation of file URI scheme. This vulnerability allows attackers to execute arbitrary code via a specially crafted link.

Attackers could exploit this vulnerability by creating a hyperlink to an SMB share that contains the malicious executable. Once the user clicks the hyperlink within the application, the malicious executable will be executed. Moreover, attackers could steal the user's NTLM credentials through SMB relay attack since the application resolves remote UNC paths.

Mitigation

The vulnerability was patched in v1.9.0-beta.8.

Timeline

  • 2022-03-25: Vulnerability reported to the noteable maintainer
  • 2022-03-29: The maitinater confirmed the vulnerability
  • 2022-04-13: Patched version (v1.9.0-beta.8) released
  • 2022-04-15: CVE-2022-29281 assgined
  • 2022-04-15: Public release of advisory

References