CVE-2024-0849

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:leanote:desktop:2.7.0:*:*:*:*:*:*:*

History

05 Sep 2024, 23:15

Type Values Removed Values Added
Summary (en) Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. (en) Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
CWE CWE-20 CWE-73

13 Feb 2024, 19:16

Type Values Removed Values Added
CPE cpe:2.3:a:leanote:desktop:2.7.0:*:*:*:*:*:*:*
First Time Leanote
Leanote desktop
CWE CWE-22
References () https://github.com/leanote/desktop-app - () https://github.com/leanote/desktop-app - Product
References () https://fluidattacks.com/advisories/alesso - () https://fluidattacks.com/advisories/alesso - Third Party Advisory

07 Feb 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 03:15

Updated : 2024-09-05 23:15


NVD link : CVE-2024-0849

Mitre link : CVE-2024-0849

CVE.ORG link : CVE-2024-0849


JSON object : View

Products Affected

leanote

  • desktop
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-73

External Control of File Name or Path