CVE-2024-0849

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:leanote:desktop:2.7.0:*:*:*:*:*:*:*

History

05 Sep 2024, 23:15

Type Values Removed Values Added
CWE CWE-20 CWE-73
Summary (en) Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. (en) Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

13 Feb 2024, 19:16

Type Values Removed Values Added
CWE CWE-22
References () https://github.com/leanote/desktop-app - () https://github.com/leanote/desktop-app - Product
References () https://fluidattacks.com/advisories/alesso - () https://fluidattacks.com/advisories/alesso - Third Party Advisory
First Time Leanote
Leanote desktop
CPE cpe:2.3:a:leanote:desktop:2.7.0:*:*:*:*:*:*:*

07 Feb 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 03:15

Updated : 2024-09-05 23:15


NVD link : CVE-2024-0849

Mitre link : CVE-2024-0849

CVE.ORG link : CVE-2024-0849


JSON object : View

Products Affected

leanote

  • desktop
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-73

External Control of File Name or Path