Org Mode remote file trust in Emacs <29.3 / <9.6.23
CVE-2024-30205 Published on March 25, 2024

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

NVD

Vulnerability Analysis

CVE-2024-30205 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.


Products Associated with CVE-2024-30205

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-30205 are published in these products:

Canonical Ubuntu Linux
 
GNU Emacs
 
GNU Org Mode
 
Debian Linux
 

Exploit Probability

EPSS
0.03%
Percentile
8.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.