{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45599", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-02T16:00:02.423Z", "datePublished": "2024-09-24T18:02:18.777Z", "dateUpdated": "2024-09-24T18:35:10.233Z"}, "containers": {"cna": {"title": "TCC Bypass in Cursor's macOS Application", "problemTypes": [{"descriptions": [{"cweId": "CWE-277", "lang": "en", "description": "CWE-277: Insecure Inherited Permissions", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getcursor/cursor/security/advisories/GHSA-x352-xv29-r74m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getcursor/cursor/security/advisories/GHSA-x352-xv29-r74m"}], "affected": [{"vendor": "getcursor", "product": "cursor", "versions": [{"version": "< 0.41.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-24T18:02:18.777Z"}, "descriptions": [{"lang": "en", "value": "Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. \nMoreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine."}], "source": {"advisory": "GHSA-x352-xv29-r74m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T18:34:18.351544Z", "id": "CVE-2024-45599", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:35:10.233Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45599", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T18:34:18.351544Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:34:31.740Z"}}], "cna": {"title": "TCC Bypass in Cursor's macOS Application", "source": {"advisory": "GHSA-x352-xv29-r74m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "getcursor", "product": "cursor", "versions": [{"status": "affected", "version": "< 0.41.0"}]}], "references": [{"url": "https://github.com/getcursor/cursor/security/advisories/GHSA-x352-xv29-r74m", "name": "https://github.com/getcursor/cursor/security/advisories/GHSA-x352-xv29-r74m", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. \nMoreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-277", "description": "CWE-277: Insecure Inherited Permissions"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-24T18:02:18.777Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45599", "state": "PUBLISHED", "dateUpdated": "2024-09-24T18:35:10.233Z", "dateReserved": "2024-09-02T16:00:02.423Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-24T18:02:18.777Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. \nMoreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine."}, {"lang": "es", "value": "Cursor es un editor de c\u00f3digo de inteligencia artificial. Antes de la versi\u00f3n 0.41.0, si un usuario en macOS le hab\u00eda otorgado a Cursor acceso a la c\u00e1mara o al micr\u00f3fono, cualquier programa que se ejecutara en la m\u00e1quina pod\u00eda acceder a la c\u00e1mara o al micr\u00f3fono sin que se le otorgara acceso expl\u00edcito, a trav\u00e9s de una inyecci\u00f3n DyLib utilizando la variable de entorno DYLD_INSERT_LIBRARIES. El uso de `com.apple.security.cs.allow-dyld-environment-variables` y `com.apple.security.cs.disable-library-validation` permite que se inyecte una librer\u00eda din\u00e1mica externa en la aplicaci\u00f3n utilizando la variable de entorno DYLD_INSERT_LIBRARIES. Adem\u00e1s, el derecho `com.apple.security.device.camera` permite que la aplicaci\u00f3n use la c\u00e1mara del host y `com.apple.security.device.audio-input` permite que la aplicaci\u00f3n use el micr\u00f3fono. Esto significa que el c\u00f3digo no confiable que se ejecuta en la m\u00e1quina del usuario puede acceder a la c\u00e1mara o al micr\u00f3fono, si el usuario ya le dio permiso a Cursor para hacerlo. En la versi\u00f3n 0.41.0, los derechos se han dividido por proceso: el proceso principal obtiene los derechos de la c\u00e1mara y el micr\u00f3fono, pero no los derechos de DyLib, mientras que el proceso host de extensi\u00f3n obtiene los derechos de DyLib pero no los derechos de la c\u00e1mara o el micr\u00f3fono. Como workaround, no le d\u00e9 expl\u00edcitamente a Cursor el permiso para acceder a la c\u00e1mara o al micr\u00f3fono si los usuarios no confiables pueden ejecutar comandos arbitrarios en la m\u00e1quina afectada."}], "id": "CVE-2024-45599", "lastModified": "2024-09-26T13:32:02.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-25T01:15:44.157", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/getcursor/cursor/security/advisories/GHSA-x352-xv29-r74m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-277"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}