๐Ÿ” CVE Alert

CVE-2024-0849

MEDIUM 5.0

Leanote 2.7.0 - Local File Read

CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
6th

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

CWE CWE-22
Vendor leanote
Product leanote
Published Feb 7, 2024
Last Updated Apr 20, 2026
Stay Ahead of the Next One

Get instant alerts for leanote leanote

Be the first to know when new medium vulnerabilities affecting leanote leanote are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Leanote / Leanote
2.7.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/leanote/desktop-app fluidattacks.com: https://fluidattacks.com/advisories/alesso