Vulnerability Description
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Notable | Notable | < 1.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-29281.mdThird Party Advisory
- https://github.com/notable/notable-insiders/releases/tag/v1.9.0-beta.8Release NotesThird Party Advisory
- https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-29281.mdThird Party Advisory
- https://github.com/notable/notable-insiders/releases/tag/v1.9.0-beta.8Release NotesThird Party Advisory
FAQ
What is CVE-2022-29281?
CVE-2022-29281 is a vulnerability with a CVSS score of 8.8 (HIGH). Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could ...
How severe is CVE-2022-29281?
CVE-2022-29281 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29281?
Check the references section above for vendor advisories and patch information. Affected products include: Notable Notable.