Cyber Resilience

CVE-2024-23745

CriticalPublic PoCRCE

Published: 31 January 2024

Published
31 January 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0305 87.0th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23745 is a critical-severity Command Injection (CWE-77) vulnerability in Notion Web Clipper. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 13.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the…

more

execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1553.001 Gatekeeper Bypass Defense Impairment
Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs.
Why these techniques?

The vulnerability enables arbitrary command execution by manipulating .nib files in the Notion Web Clipper app (T1203: Exploitation for Client Execution) and bypasses Gatekeeper signature validation despite modifications (T1553.001: Gatekeeper Bypass).

Affected Assets

notion
web clipper
1.0.3\(7\)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References