CVE-2024-30205 - Vulnerability Details

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Gnu	Emacs Org Mode
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
emacs-1:26.1-12.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:6987	2024-09-24T00:00:00Z
emacs-1:26.1-12.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:6987	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 9
emacs-1:27.2-10.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9302	2024-11-12T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/03/25/2
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d
https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html
https://nvd.nist.gov/vuln/detail/CVE-2024-30205
https://www.cve.org/CVERecord?id=CVE-2024-30205
https://www.openwall.com/lists/oss-security/2024/03/25/2

History

Thu, 01 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Gnu Gnu emacs Gnu org Mode
CPEs		cpe:2.3:a:gnu:emacs:::::::: cpe:2.3:a:gnu:org_mode::::::gnu_emacs::* cpe:2.3:o:debian:debian_linux:10.0:::::::*
Vendors & Products		Debian Debian debian Linux Gnu Gnu emacs Gnu org Mode

Tue, 03 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-494
Metrics	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}`

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Tue, 24 Sep 2024 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-25T00:00:00

Updated: 2024-12-03T16:41:24.224Z

Reserved: 2024-03-25T00:00:00

Link: CVE-2024-30205

Vulnrichment

Updated: 2024-08-02T01:25:03.369Z

NVD

Status : Analyzed

Published: 2024-03-25T15:15:52.567

Modified: 2025-05-01T14:32:31.080

Link: CVE-2024-30205

Redhat

Severity : Moderate

Publid Date: 2024-03-25T00:00:00Z

Links: CVE-2024-30205 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object