Cyber Resilience

CVE-2024-23740

Critical

Published: 28 January 2024

Published
28 January 2024
Modified
16 June 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.2325 96.1th percentile
Risk Priority 34 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23740 is a critical-severity an unspecified weakness vulnerability in Getkap Kap. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 3.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Kap for macOS versions 3.6.0 and earlier contains a remote code execution vulnerability that arises from exposure of the RunAsNode and enableNodeCliInspectArguments Electron settings. The flaw carries a CVSS 3.1 base score of 9.8 and is tracked under NVD-CWE-noinfo.

Remote, unauthenticated attackers can supply crafted inputs over the network to leverage these settings and execute arbitrary code on the affected system, resulting in complete compromise of confidentiality, integrity, and availability without user interaction.

Public references include the Electron project statement on RunAsNode-related CVEs and a GitHub repository that reproduces the issue, indicating that application developers should disable or properly sandbox these flags in packaged Electron binaries.

The associated EPSS score is currently 0.2325 with an identical recorded peak and shows no material upward trajectory after disclosure.

EU & UK References

Vulnerability details

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1218.015 Electron Applications Stealth
Adversaries may abuse components of the Electron framework to execute malicious code.
Why these techniques?

Vulnerability in Electron-based Kap macOS app enables remote arbitrary code execution via RunAsNode and enableNodeCliInspectArguments settings, facilitating exploitation for client execution (T1203) and proxy execution via Electron applications (T1218.015).

Affected Assets

getkap
kap
≤ 3.6.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References