Description
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
Published: 2023-10-04
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-44891 Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
History

Fri, 20 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Kong Insomnia
Kong Insomnia macos
Weaknesses CWE-114
CPEs cpe:2.3:a:kong_insomnia:macos:*:*:*:*:*:*:*:*
Vendors & Products Kong Insomnia
Kong Insomnia macos
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Apple Macos
Kong Insomnia Macos
Konghq Insomnia
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-20T13:12:24.933Z

Reserved: 2023-08-14T00:00:00.000Z

Link: CVE-2023-40299

cve-icon Vulnrichment

Updated: 2024-08-02T18:31:53.047Z

cve-icon NVD

Status : Modified

Published: 2023-10-04T22:15:09.830

Modified: 2024-11-21T08:19:11.030

Link: CVE-2023-40299

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses