V3x0r / CVE-2023-50643

CVE-2023-50643

CVE-2023-50643

CVE-2023-50643

An issue in Evernote for MacOS v.10.68.2 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components

There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r

With this tool, we can check if the App is Vulnerable:

After validation, we can inject our code, and get a shell

Enjoy Shell :)

This CVE was only discovered with the help of a great friend and researcher - https://github.com/louiselalanne/CVE-2023-49314

About

CVE-2023-50643