CVE-2024-23738
CRITICAL
Postman < 10.22 - Remote Code Execution via RunAsNode Configuration
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2024-23738. PoCs published by giovannipajeu1.
AI-analyzed exploit summary: The repository provides a technical writeup for CVE-2024-23738, detailing how a remote attacker can execute arbitrary code in Postman on macOS via the RunAsNode and enableNodeCliInspectArguments settings. It references the electroniz3r tool for vulnerability validation and includes screenshots of the exploitation process.
Description
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution."
Exploits (2)
The repository provides a technical writeup for CVE-2024-23738, detailing how a remote attacker can execute arbitrary code in Postman on macOS via the RunAsNode and enableNodeCliInspectArguments settings. It references the electroniz3r tool for vulnerability validation and includes screenshots of the exploitation process.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H