Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/alesso | Third Party Advisory |
https://github.com/leanote/desktop-app | Product |
Configurations
History
05 Sep 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-73 | |
Summary | (en) Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. |
13 Feb 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | () https://github.com/leanote/desktop-app - Product | |
References | () https://fluidattacks.com/advisories/alesso - Third Party Advisory | |
First Time |
Leanote
Leanote desktop |
|
CPE | cpe:2.3:a:leanote:desktop:2.7.0:*:*:*:*:*:*:* |
07 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 03:15
Updated : 2024-09-05 23:15
NVD link : CVE-2024-0849
Mitre link : CVE-2024-0849
CVE.ORG link : CVE-2024-0849
JSON object : View
Products Affected
leanote
- desktop