CVE-2024-30204

CWE-276Incorrect Default PermissionsCWE-3499 documents8 sources
Severity
2.8LOW
EPSS
0.0%
top 95.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU EmacsGNU ORG ModeDebian Debian Linux
Timeline
PublishedMar 25
Latest updateSep 19

Description

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:LExploitability: 1.3 | Impact: 1.4

Affected Packages4 packages

NVDgnu/emacs< 29.3
Debianemacs< 1:27.1+1-3.1+deb11u3+3
NVDgnu/org_mode< 9.6.23
Debianorg-mode< 9.4.0+dfsg-1+deb11u2+2

Also affects: Debian Linux 10.0

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-27fr-v43j-r34m: In Emacs before 292024-03-25
OSV
CVE-2024-30204: In Emacs before 292024-03-25
CVEList
CVE-2024-30204: In Emacs before 292024-03-25

📋Vendor Advisories

5
Ubuntu
Emacs vulnerabilities2024-09-19
Red Hat
emacs: LaTeX preview is enabled by default for e-mail attachments2024-03-25
Red Hat
emacs: Gnus treats inline MIME contents as trusted2024-03-25
Microsoft
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.2024-03-12
Debian
CVE-2024-30204: emacs - In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...2024
CVE-2024-30204 (LOW CVSS 2.8) | In Emacs before 29.3 | cvebase.io