HIGHCVE-2024-53268CVSS 7.3

openExternal 缺乏验证导致 joplin 中一键远程代码执行

Q: What is CVE-2024-53268 — RCE in Joplin?

CVE-2024-53268 is a Remote Code Execution vulnerability in Joplin for Windows, allowing attackers to execute code by exploiting a lack of URI scheme filtering. It affects versions up to 3.0.2.

Q: Am I affected by CVE-2024-53268 in Joplin?

Yes, if you are using Joplin on Windows and your version is 3.0.2 or earlier, you are affected by this vulnerability.

Q: How do I fix CVE-2024-53268 in Joplin?

Upgrade to Joplin version 3.0.3 or later to resolve this vulnerability. There are no known workarounds.

Q: Is CVE-2024-53268 being actively exploited?

As of now, there are no confirmed reports of active exploitation, but the vulnerability's potential impact makes it a likely target.

Q: Where can I find the official Joplin advisory for CVE-2024-53268?

Refer to the official Joplin security advisory on their website or GitHub repository for detailed information and updates.

平台

windows

组件

joplin

修复版本

3.0.4

AI Confidence: highNVDEPSS 2.6%已审阅: 2026年5月

在NVD查看

保存

正在翻译为您的语言…

CVE-2024-53268 is a Remote Code Execution (RCE) vulnerability discovered in Joplin, an open-source note-taking application. This flaw allows attackers to execute arbitrary code on Windows systems by abusing the openExternal function without proper URI scheme validation. The vulnerability impacts Joplin versions 3.0.2 and earlier, and a fix is available in version 3.0.3. Users are strongly advised to upgrade immediately.

影响与攻击场景翻译中…

The impact of CVE-2024-53268 is significant, as it enables remote code execution. An attacker could leverage this vulnerability to gain complete control over a vulnerable Windows system. This could involve installing malware, stealing sensitive data (notes, passwords, credentials), or pivoting to other systems on the network. The lack of URI scheme filtering means that a malicious link, crafted to include a harmful command, could be opened by Joplin, leading to code execution. This is particularly concerning given Joplin’s use for storing sensitive information.

利用背景翻译中…

CVE-2024-53268 was publicly disclosed on 2024-11-25. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing. The ease of exploitation, combined with the potential impact, suggests that this vulnerability could become a target for attackers, especially given the widespread use of Joplin.

哪些人处于风险中翻译中…

Users of Joplin on Windows, particularly those who store sensitive information within the application, are at significant risk. This includes individuals, small businesses, and organizations that rely on Joplin for note-taking and data management. Users who have not enabled automatic updates are especially vulnerable.

检测步骤翻译中…

• windows / supply-chain:

Get-Process -Name Joplin | Select-Object -ExpandProperty Path

• windows / supply-chain:

Get-ScheduledTask | Where-Object {$_.TaskName -like "Joplin*"}

• windows / supply-chain:

reg query "HKCU\Software\Joplin" /v Version

攻击时间线

2024-11-25Disclosure
disclosure

威胁情报

漏洞利用状态

概念验证未知

CISA KEVNO

互联网暴露低

EPSS

2.62% (86% 百分位)

CISA SSVC

利用情况poc

可自动化no

技术影响total

CVSS 向量

这些指标意味着什么？

Attack Vector: 本地 — 攻击者需要系统上的本地会话或Shell。
Attack Complexity: 高 — 需要竞态条件、非默认配置或特定情况。难以可靠利用。
Privileges Required: 高 — 需要管理员或特权账户。
User Interaction: 需要 — 受害者必须打开文件、点击链接或访问特制页面。
Scope: 已改变 — 攻击可以超出脆弱组件，影响其他系统。
Confidentiality: 高 — 完全丧失机密性，攻击者可读取所有数据。
Integrity: 高 — 攻击者可写入、修改或删除任何数据。
Availability: 高 — 完全崩溃或资源耗尽，完全拒绝服务。

受影响的软件

组件joplin

供应商laurent22

影响范围修复版本

< 3.0.3 – < 3.0.33.0.4

弱点分类 (CWE)

CWE-94

时间线

已保留2024-11-19
发布日期2024-11-25
EPSS 更新日期2026-04-02

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2024-53268 is to upgrade to Joplin version 3.0.3 or later. As there are no known workarounds, upgrading is the only effective defense. Prior to upgrading, it's recommended to back up your Joplin data to prevent potential data loss. After upgrading, verify the fix by attempting to open a specially crafted URL containing a malicious URI scheme; Joplin should not execute any code. Consider implementing application whitelisting policies to further restrict the execution of untrusted applications.

修复方法翻译中…

Actualice Joplin a la versión 3.0.3 o superior. Esta versión corrige la vulnerabilidad de ejecución remota de código. Descargue la última versión desde el sitio web oficial de Joplin o a través del gestor de paquetes de su sistema operativo.

CVE 安全通讯

漏洞分析和关键警报直接发送到您的邮箱。

常见问题翻译中…

What is CVE-2024-53268 — RCE in Joplin?

CVE-2024-53268 is a Remote Code Execution vulnerability in Joplin for Windows, allowing attackers to execute code by exploiting a lack of URI scheme filtering. It affects versions up to 3.0.2.

Am I affected by CVE-2024-53268 in Joplin?

Yes, if you are using Joplin on Windows and your version is 3.0.2 or earlier, you are affected by this vulnerability.

How do I fix CVE-2024-53268 in Joplin?

Upgrade to Joplin version 3.0.3 or later to resolve this vulnerability. There are no known workarounds.

Is CVE-2024-53268 being actively exploited?

As of now, there are no confirmed reports of active exploitation, but the vulnerability's potential impact makes it a likely target.

Where can I find the official Joplin advisory for CVE-2024-53268?

Refer to the official Joplin security advisory on their website or GitHub repository for detailed information and updates.

你的项目受影响吗?

上传你的依赖文件，立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE