PT-2024-28099 · Unknown · Notes Station 3
Thomas Fady
·
Published
2024-02-22
·
Updated
2024-11-27
·
CVE-2024-38646
CVSS v4.0
8.4
High
| Vector | AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Notes Station 3 versions prior to 3.9.7
Description
An incorrect permission assignment for critical resource vulnerability has been reported. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource.
Recommendations
For Notes Station 3 versions prior to 3.9.7, update to version 3.9.7 or later to secure against potential attacks. As a temporary workaround, consider restricting access to critical resources until the update is applied.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Notes Station 3