Vulnerability Description
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Emacs | < 29.3 |
| Gnu | Org Mode | < 9.6.23 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/25/2Mailing List
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ffPatch
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29Release Notes
- https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915Patch
- https://lists.debian.org/debian-lts-announce/2024/04/msg00023.htmlMailing List
- https://lists.debian.org/debian-lts-announce/2024/04/msg00024.htmlMailing List
- http://www.openwall.com/lists/oss-security/2024/03/25/2Mailing List
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ffPatch
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29Release Notes
- https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915Patch
- https://lists.debian.org/debian-lts-announce/2024/04/msg00023.htmlMailing List
- https://lists.debian.org/debian-lts-announce/2024/04/msg00024.htmlMailing List
FAQ
What is CVE-2024-30205?
CVE-2024-30205 is a vulnerability with a CVSS score of 7.1 (HIGH). In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
How severe is CVE-2024-30205?
CVE-2024-30205 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-30205?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Emacs, Gnu Org Mode, Debian Debian Linux.