CVE-2024-23743 PoC — Notion 安全漏洞

Source

https://github.com/V3x0r/CVE-2024-23743

Associated Vulnerability

Title:Notion 安全漏洞 (CVE-2024-23743)
Description:Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."

Readme

# CVE-2024-23743

CVE-2024-23743

An issue in Notion for MacOS v.3.1.0 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components

There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r

<img width="1321" alt="image" src="https://github.com/V3x0r/CVE-2024-XXXX/assets/83291215/163a92de-852f-4220-ba26-964862429a13">


With this tool, we can check if the App is Vulnerable: 

<img width="913" alt="image" src="https://github.com/V3x0r/CVE-2024-XXXX/assets/83291215/1df75e93-39d8-44c2-acfe-644cbaa909fc">

After validation, we can inject our code, and get a shell

<img width="915" alt="image" src="https://github.com/V3x0r/CVE-2024-XXXX/assets/83291215/384ac802-10d4-437d-93ec-424764994698">

And Now, Enjoy your Shell: 

<img width="915" alt="image" src="https://github.com/V3x0r/CVE-2024-XXXX/assets/83291215/6b22b5de-708d-4b10-8cd5-b2ab511fd1c1">

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →