Vulnerability Details : CVE-2022-29281
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
Vulnerability category: Input validation
Products affected by CVE-2022-29281
- cpe:2.3:a:notable:notable:*:*:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta0:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:notable:notable:1.9.0:beta7:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29281
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29281
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2022-29281
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-29281
-
https://github.com/notable/notable-insiders/releases/tag/v1.9.0-beta.8
Release v1.9.0-beta.8 · notable/notable-insiders · GitHubRelease Notes;Third Party Advisory
-
https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-29281.md
Advisories/CVE-2022-29281.md at master · hmnthabit/Advisories · GitHubThird Party Advisory
Jump to