FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-0849

Improper Input Validation (CWE-20)

Published: Feb 7, 2024 / Updated: 9mo ago

010
CVSS 5.5EPSS 0.05%Medium
CVE info copied to clipboard

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-0849

Feb 6, 2024 at 7:15 PM
First Article

Feedly found the first article mentioning CVE-2024-0849. See article

Feb 7, 2024 at 3:27 AM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.05% (Percentile: 17.8%)

Feb 9, 2024 at 2:50 PM
Static CVE Timeline Graph

Affected Systems

Leanote/desktop
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

cveNotify : 🚨 CVE-2024-0849Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.🎖@cveNotify
CTI Feeds - Cybercrime on Telegram / 2mo
cveNotify : 🚨 CVE-2024-0849Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.🎖@cveNotify
CVE-2024-0849
Newest CVEs from Tenable / 9mo
Medium Severity Description Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. Read more at https://www.tenable.com/cve/CVE-2024-0849
Medium - CVE-2024-0849 - Leanote version 2.7.0 allows obtaining...
Security-Database Alerts Monitor : Last 100 Alerts / 9mo
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
CVE-2024-0849 | Leanote 2.7.0 file inclusion
VulDB Recent Entries / 9mo
A vulnerability was found in Leanote 2.7.0 . It has been declared as problematic . Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. This vulnerability is known as CVE-2024-0849 . Local access is required to approach this attack. There is no exploit available.
CVE-2024-0849
CyberSecurityBoard.com Cyber News | RSS Feed / 9mo
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible CVE-2024-0849 originally published on CyberSecurityBoard
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

CVSS 5.5(34618)CWE-20(11385)CWE-22(6658)CWE-73(152)Leanote(9)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial