CVE-2024-23741 - Vulnerability Details - OpenCVE

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hyper	Hyper

Configuration 1 [-]

cpe:2.3:a:hyper:hyper:*:*:*:*:*:macos:*:*

No data.

References

Link	Providers
https://github.com/V3x0r/CVE-2024-23741
https://www.electronjs.org/blog/statement-run-as-node-cves

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-28T00:00:00

Updated: 2024-08-23T20:00:52.144Z

Reserved: 2024-01-21T00:00:00

Link: CVE-2024-23741

Vulnrichment

Updated: 2024-08-01T23:13:07.262Z

NVD

Status : Modified

Published: 2024-01-28T03:15:08.337

Modified: 2024-11-21T08:58:17.603

Link: CVE-2024-23741

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-23741", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-23T20:00:52.144Z", "dateReserved": "2024-01-21T00:00:00", "datePublished": "2024-01-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-16T15:14:34.843045"}, "descriptions": [{"lang": "en", "value": "An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/V3x0r/CVE-2024-23741"}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.262Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/V3x0r/CVE-2024-23741", "tags": ["x_transferred"]}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "hyper", "product": "hyper", "cpes": ["cpe:2.3:a:hyper:hyper:-:*:*:*:*:macos:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.4.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-23T19:57:19.706911Z", "id": "CVE-2024-23741", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T20:00:52.144Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/V3x0r/CVE-2024-23741", "tags": ["x_transferred"]}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.262Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23741", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-23T19:57:19.706911Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hyper:hyper:-:*:*:*:*:macos:*:*"], "vendor": "hyper", "product": "hyper", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.4.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:58:39.935Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/V3x0r/CVE-2024-23741"}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}], "descriptions": [{"lang": "en", "value": "An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-16T15:14:34.843045"}}}, "cveMetadata": {"cveId": "CVE-2024-23741", "state": "PUBLISHED", "dateUpdated": "2024-08-23T20:00:52.144Z", "dateReserved": "2024-01-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-01-28T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hyper:hyper:*:*:*:*:*:macos:*:*", "matchCriteriaId": "7AF8911C-E408-4B57-9C90-A3919E5AC2F9", "versionEndIncluding": "3.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."}, {"lang": "es", "value": "Un problema en Hyper en macOS versi\u00f3n 3.4.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."}], "id": "CVE-2024-23741", "lastModified": "2024-11-21T08:58:17.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-28T03:15:08.337", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/V3x0r/CVE-2024-23741"}, {"source": "cve@mitre.org", "url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/V3x0r/CVE-2024-23741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.electronjs.org/blog/statement-run-as-node-cves"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}