CVE-2022-29281: A Remote Code Execution Vulnerability in Notable (v1.9.0-beta.7 and earlier)
Information
- Vulnerability: Remote Code Execution
- Affected products: Notable v1.9.0-beta.7 and earlier
Summary
A Remote Code Execution (RCE) vulnerability exists in Notable (v1.9.0-beta.7 and earlier) due to improper validation of file URI scheme. This vulnerability allows attackers to execute arbitrary code via a specially crafted link.
Attackers could exploit this vulnerability by creating a hyperlink to an SMB share that contains the malicious executable. Once the user clicks the hyperlink within the application, the malicious executable will be executed. Moreover, attackers could steal the user's NTLM credentials through SMB relay attack since the application resolves remote UNC paths.
Mitigation
The vulnerability was patched in v1.9.0-beta.8.
Timeline
- 2022-03-25: Vulnerability reported to the noteable maintainer
- 2022-03-29: The maitinater confirmed the vulnerability
- 2022-04-13: Patched version (v1.9.0-beta.8) released
- 2022-04-15: CVE-2022-29281 assgined
- 2022-04-15: Public release of advisory