In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7375-1 advisory.

    It was discovered that Org Mode did not correctly handle filenames containing shell metacharacters. An     attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue     only affected Ubuntu 22.04 LTS. (CVE-2023-28617)

    It was discovered that Org Mode could run untrusted code left in its buffer. An attacker could possibly     use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu     22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30202)

    It was discovered that Org Mode did not correctly handle the contents of remote files. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30205)

    It was discovered that Org Mode could be made to run arbitrary Elisp code. An attacker could possibly use     this issue to cause a denial of service or execute arbitrary code. (CVE-2024-39331)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org     Mode before 9.6.23. (CVE-2024-30202)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of emacs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30202 advisory.

  - In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org     Mode before 9.6.23. (CVE-2024-30202)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of emacs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30202 advisory.

  - In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org     Mode before 9.6.23. (CVE-2024-30202)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202407-08 (GNU Emacs, Org Mode: Multiple Vulnerabilities)

    Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced     below for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-584 advisory.

    In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org     Mode before 9.6.23. (CVE-2024-30202)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f661184a-eb90-11ee-92fc-1c697a616631 advisory.

  - In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org     Mode before 9.6.23. (CVE-2024-30202)

  - In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203)

  - In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. (CVE-2024-30204)

  - In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode     before 9.6.23. (CVE-2024-30205)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
233403	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Org Mode vulnerabilities (USN-7375-1)	Nessus	Ubuntu Local Security Checks	high
227663	Linux Distros Unpatched Vulnerability : CVE-2024-30202	Nessus	Misc.	high
215878	Azure Linux 3.0 Security Update: emacs (CVE-2024-30202)	Nessus	Azure Linux Local Security Checks	high
201602	CBL Mariner 2.0 Security Update: emacs (CVE-2024-30202)	Nessus	MarinerOS Local Security Checks	high
201186	GLSA-202407-08 : GNU Emacs, Org Mode: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
193439	Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2024-584)	Nessus	Amazon Linux Local Security Checks	high
192595	FreeBSD : emacs -- multiple vulnerabilities (f661184a-eb90-11ee-92fc-1c697a616631)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2024-30202

high

Tenable Plugins

high

high

high

high

critical

high

high