PT-2023-27366 · Kong · Kong Insomnia

Published: 2023-10-04 · Updated: 2024-09-20 · CVE-2023-40299

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kong Insomnia version 2023.4.0

Description

The issue allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. This can be exploited on macOS systems.

Recommendations

For Kong Insomnia version 2023.4.0, consider restricting the use of the DYLD_INSERT_LIBRARIES environment variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-40299

Affected Products

Kong Insomnia