Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for XADMaster by MacPaw

    CVE-2024-22405 (GCVE-0-2024-22405)

    Vulnerability from nvd – Published: 2024-04-30 10:04 – Updated: 2024-08-01 22:43
    VLAI
    Title
    XADMaster may not apply quarantine attribute correctly to extracted files
    Summary
    XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    MacPaw XADMaster Affected: < 1.10.8
    Create a notification for this product.
    macpaw xadmaster Affected: - , < 1.10.8 (custom)
        cpe:2.3:a:macpaw:xadmaster:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:macpaw:xadmaster:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xadmaster",
                "vendor": "macpaw",
                "versions": [
                  {
                    "lessThan": "1.10.8",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T13:34:29.540533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:52:55.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2"
              },
              {
                "name": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XADMaster",
              "vendor": "MacPaw",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281: Improper Preservation of Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-30T10:04:24.056Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2"
            },
            {
              "name": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c"
            }
          ],
          "source": {
            "advisory": "GHSA-xg3c-r7w5-7xw2",
            "discovery": "UNKNOWN"
          },
          "title": "XADMaster may not apply quarantine attribute correctly to extracted files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-22405",
        "datePublished": "2024-04-30T10:04:24.056Z",
        "dateReserved": "2024-01-10T15:09:55.548Z",
        "dateUpdated": "2024-08-01T22:43:34.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22405 (GCVE-0-2024-22405)

    Vulnerability from cvelistv5 – Published: 2024-04-30 10:04 – Updated: 2024-08-01 22:43
    VLAI
    Title
    XADMaster may not apply quarantine attribute correctly to extracted files
    Summary
    XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    MacPaw XADMaster Affected: < 1.10.8
    Create a notification for this product.
    macpaw xadmaster Affected: - , < 1.10.8 (custom)
        cpe:2.3:a:macpaw:xadmaster:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:macpaw:xadmaster:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xadmaster",
                "vendor": "macpaw",
                "versions": [
                  {
                    "lessThan": "1.10.8",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T13:34:29.540533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:52:55.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2"
              },
              {
                "name": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XADMaster",
              "vendor": "MacPaw",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281: Improper Preservation of Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-30T10:04:24.056Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2"
            },
            {
              "name": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c"
            }
          ],
          "source": {
            "advisory": "GHSA-xg3c-r7w5-7xw2",
            "discovery": "UNKNOWN"
          },
          "title": "XADMaster may not apply quarantine attribute correctly to extracted files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-22405",
        "datePublished": "2024-04-30T10:04:24.056Z",
        "dateReserved": "2024-01-10T15:09:55.548Z",
        "dateUpdated": "2024-08-01T22:43:34.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }