Search Results | AttackerKB

Show filters

Topics 3 Users 9,737

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2022-40277

Disclosure Date: September 30, 2022 (last updated February 24, 2025)

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

Attack Vector: Local Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-35131

Disclosure Date: July 25, 2022 (last updated February 24, 2025)

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-23431

Disclosure Date: August 24, 2021 (last updated February 23, 2025)

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.

Attack Vector: Network Privileges: None User Interaction: Required

0