CVE-2022-24123

9.0 CRITICAL

📋 TL;DR

CVE-2022-24123 is a vulnerability in the MarkText Markdown editor. A crafted .md file that contains a mermaid diagram block with embedded HTML or script (an XSS payload) is rendered without sanitization. Because MarkText is an Electron application, script injected into the rendered document is not confined to a browser sandbox and can reach Node.js functionality, so the injected script runs arbitrary code with the privileges of the user who opened the file. The attacker needs nothing beyond getting a user to open the file in an affected version; all MarkText versions through 0.16.3 are affected.

💻 Affected Systems

Products:
  • MarkText
Versions: All versions through 0.16.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Rendering of fenced mermaid blocks is on by default, so every installation of an affected version is vulnerable as soon as it opens or previews a file containing one.

📦 What is this software?

MarkText is a free, open-source Markdown editor for Windows, macOS and Linux, built on Electron (https://github.com/marktext/marktext). It renders Markdown live as you type, including fenced mermaid diagram blocks; that diagram rendering path is what this vulnerability abuses.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution as the user who opened the file. Where that user holds administrative rights, or the payload installs persistence, this amounts to complete compromise of the workstation.

🟠

Likely Case

Data theft, malware installation, or ransomware deployment when users open malicious markdown files.

🟢

If Mitigated

Low impact once MarkText is updated to 0.17.0 or later, or where untrusted Markdown is never opened in an affected build and endpoint protection catches post-exploitation activity.

🌐 Internet-Facing: MEDIUM - MarkText is a desktop application, not a network service, so exposure comes from file delivery: a malicious .md file can arrive as an email attachment, a download, a repository README or a shared note, and must be opened by the user.
🏢 Internal Only: MEDIUM - Internal users can be tricked into opening malicious files shared through wikis, file shares, chat or ticketing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The only precondition is that a user opens (or previews) the malicious .md file in an affected version; once the mermaid block is rendered the payload runs without any further interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.17.0 and later

Vendor Advisory: https://github.com/marktext/marktext/issues/2946

Restart Required: Relaunch MarkText only; no operating-system reboot is needed.

Instructions:

1. Download the latest release from https://github.com/marktext/marktext/releases
2. Uninstall (or replace) the old version
3. Install the new version
4. Relaunch MarkText and confirm the version under Help > About is 0.17.0 or later

🔧 Temporary Workarounds

Disable mermaid rendering

Platforms: all

If your build exposes a setting to disable diagram rendering, turn it off; otherwise treat every mermaid block in a file from an untrusted source as hostile and do not open that file in MarkText.

Use an alternative editor

Platforms: all

Until patched, open Markdown from untrusted sources in a plain text editor that does not render it, or in a different Markdown editor.

🧯 If You Can't Patch

  • Only open Markdown files from trusted sources in MarkText
  • Inspect untrusted files in a plain text editor first: the danger is in fenced mermaid blocks, and a non-rendering editor shows them without executing anything
  • Use a sandboxed or disposable environment (VM, container, separate low-privilege account) for opening untrusted Markdown files
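The inspection step above can be scripted. The following is an added example, not code from the MarkText project or from the vulnerability report: it extracts fenced mermaid blocks from a Markdown file and flags lines inside them that carry HTML or script-like content, so untrusted files can be triaged before an unpatched MarkText renders them. The marker list and the sample documents are constructed for illustration and are not a signature for any specific exploit.

```python
"""Pre-open triage for Markdown files destined for an unpatched MarkText.

Added example, not code from the MarkText project or the CVE-2022-24123 report.
It locates fenced mermaid blocks (the rendering path the vulnerability abuses)
and flags lines inside them that carry HTML or script-like content. The marker
list is an assumption chosen to be conservative: a triage heuristic, not a
signature for any particular exploit.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Opening fence: three or more backticks or tildes, then the "mermaid" info string.
FENCE_RE = re.compile(r"^(`{3,}|~{3,})\s*mermaid\b.*$", re.IGNORECASE)

# Assumed markers. Any one of these inside a diagram deserves a human look.
SUSPICIOUS = [
    (re.compile(r"<\s*script\b", re.I), "script tag"),
    (re.compile(r"\bon[a-z]+\s*=", re.I), "inline event handler"),
    (re.compile(r"javascript\s*:", re.I), "javascript: URL"),
    (re.compile(r"<\s*(iframe|img|svg|object|embed)\b", re.I), "HTML element"),
    (re.compile(r"\brequire\s*\(|\bchild_process\b"), "Node.js API reference"),
]


@dataclass
class Finding:
    line: int      # 1-based line number in the file
    reason: str
    snippet: str


def extract_mermaid_blocks(text: str) -> List[Tuple[int, List[str]]]:
    """Return (opening_fence_line, body_lines) for each mermaid fenced block.

    A block that is never closed runs to end of file and is still returned,
    because the renderer will still try to draw it.
    """
    blocks = []
    in_block, fence, start, body = False, "", 0, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not in_block:
            m = FENCE_RE.match(line)
            if m:
                in_block, fence, start, body = True, m.group(1), lineno, []
            continue
        # Closing fence: same character, at least as long as the opener, nothing else.
        if re.fullmatch(rf"{re.escape(fence[0])}{{{len(fence)},}}\s*", line):
            blocks.append((start, body))
            in_block = False
        else:
            body.append(line)
    if in_block:
        blocks.append((start, body))
    return blocks


def scan_markdown(text: str) -> List[Finding]:
    """Flag suspicious lines inside mermaid blocks; at most one finding per line."""
    findings = []
    for start, body in extract_mermaid_blocks(text):
        for offset, line in enumerate(body, 1):      # body[0] sits on line start+1
            for pattern, reason in SUSPICIOUS:
                if pattern.search(line):
                    findings.append(Finding(start + offset, reason, line.strip()))
                    break
    return findings


def is_safe_to_open(text: str) -> bool:
    """True when no mermaid block in the document trips a marker."""
    return not scan_markdown(text)


# Constructed sample documents (not real files). The fence is assembled at
# runtime so this page's own code fence is not broken by a literal nested one.
TICKS = "`" * 3
SAMPLE_BENIGN = "\n".join([
    "# Architecture",
    TICKS + "mermaid",
    "graph TD",
    "  A[Editor] --> B[Renderer]",
    TICKS,
])
SAMPLE_SUSPICIOUS = "\n".join([
    "# Meeting notes",
    "Some text.",
    TICKS + "mermaid",
    "graph LR",
    '  A["<img src=x onerror=alert(1)>"] --> B',
    TICKS,
])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for f in scan_markdown(fh.read()):
                print(f"{path}:{f.line}: {f.reason}: {f.snippet}")
```

Run it as `python triage.py notes.md`; any output line means the file should be opened in a non-rendering editor instead. The markers err on the side of false positives (a diagram label that legitimately contains "on=" will be flagged), which is the right trade-off for a pre-open check.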

🔍 How to Verify

Check if Vulnerable:

Open Help > About in MarkText and read the version. Any version 0.16.3 or lower is vulnerable.

Check Version:

On Linux/macOS: run marktext --version from a terminal, or use Help > About; on Windows: use Help > About.

Verify Fix Applied:

The version shown is 0.17.0 or higher, and the running instance was relaunched after the update.

📡 Detection & Monitoring

Log Indicators:

  • A MarkText process spawning a child that is not one of its own helper processes: cmd.exe, powershell.exe, wscript.exe, mshta.exe on Windows; sh, bash, osascript, curl, wget on macOS/Linux
  • Those child processes carrying encoded or hidden-window command lines shortly after a .md file was opened

Network Indicators:

  • MarkText, or a process it spawned, making unexpected outbound connections
  • Fetches of external resources during Markdown rendering, which should not happen for a local file

SIEM Query:

parent_process_name:("marktext.exe" OR "marktext" OR "MarkText") AND process_name:("cmd.exe" OR "powershell.exe" OR "pwsh.exe" OR "wscript.exe" OR "cscript.exe" OR "mshta.exe" OR "sh" OR "bash" OR "osascript" OR "curl" OR "wget")

The query keys on parent/child lineage rather than on MarkText's own command line: the payload lives inside the rendered document, so it never appears in the editor's arguments, but the shell it launches does appear as a child process.
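The same lineage rule as runnable detection logic, added here as an example that is neither vendor detection content nor MarkText code: it classifies constructed process-creation records (an approximation of Sysmon Event ID 1 / EDR fields, not any vendor's real schema) and alerts when a MarkText process spawns a shell, script host or download tool. The image names, the allowlist of expected children and the shell list are assumptions to tune for your fleet.

```python
"""Process-lineage detection for CVE-2022-24123 exploitation.

Added example, not vendor detection content. A Markdown editor has no business
launching a shell or scripting host, so the rule keys on parent/child lineage
rather than on MarkText's own command line. Event fields are a constructed
approximation of a Sysmon Event ID 1 or EDR process-creation record; image
names, the allowlist and the shell list are assumptions to tune per fleet.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Shells, script hosts and download tools: high severity when MarkText is the parent.
SHELLS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
    "sh", "bash", "zsh", "dash", "osascript", "python", "python3", "perl",
    "curl", "wget",
}

# Children an Electron editor legitimately creates (assumed): the platform
# "open this URL or file" launchers. Its own helper processes are handled by name.
EXPECTED_CHILDREN = {"xdg-open", "open", "explorer.exe"}


@dataclass
class ProcessEvent:
    timestamp: str
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased final path component, tolerant of both separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_marktext(image: str) -> bool:
    # Covers marktext.exe, the Linux binary/AppImage and the macOS bundle executable.
    return "marktext" in _basename(image).replace(" ", "")


def classify(event: ProcessEvent) -> Optional[str]:
    """Return 'high', 'medium' or None for one process-creation event."""
    if not is_marktext(event.parent_image):
        return None
    child = _basename(event.image)
    if is_marktext(event.image) or child in EXPECTED_CHILDREN:
        return None          # renderer/GPU helpers and URL handlers
    if child in SHELLS:
        return "high"
    return "medium"          # anything else spawned by the editor is unexpected


def detect(events: Iterable[ProcessEvent]) -> List[Tuple[str, ProcessEvent]]:
    """Return (severity, event) for every alert, in input order."""
    alerts = []
    for ev in events:
        sev = classify(ev)
        if sev:
            alerts.append((sev, ev))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("2022-02-01T09:00:01Z", "ws01", "alice",
                 r"C:\Users\alice\AppData\Local\Programs\marktext\marktext.exe",
                 r"C:\Users\alice\AppData\Local\Programs\marktext\marktext.exe",
                 "marktext.exe --type=renderer"),
    ProcessEvent("2022-02-01T09:00:07Z", "ws01", "alice",
                 r"C:\Users\alice\AppData\Local\Programs\marktext\marktext.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -w hidden -c whoami"),
    ProcessEvent("2022-02-01T09:01:00Z", "ws01", "alice",
                 r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcessEvent("2022-02-01T10:15:22Z", "dev02", "bob",
                 "/opt/MarkText/marktext", "/usr/bin/xdg-open",
                 "xdg-open https://example.invalid/"),
    ProcessEvent("2022-02-01T10:15:30Z", "dev02", "bob",
                 "/opt/MarkText/marktext", "/bin/sh", "/bin/sh -c id"),
    ProcessEvent("2022-02-01T11:00:00Z", "mac03", "carol",
                 "/Applications/MarkText.app/Contents/MacOS/MarkText",
                 "/usr/bin/osascript", "osascript -e 'display dialog \"hi\"'"),
    ProcessEvent("2022-02-01T11:05:00Z", "ws01", "alice",
                 r"C:\Users\alice\AppData\Local\Programs\marktext\marktext.exe",
                 r"C:\Users\alice\Downloads\update.exe", "update.exe /silent"),
]

if __name__ == "__main__":
    for sev, ev in detect(SAMPLE_EVENTS):
        print(f"[{sev.upper()}] {ev.timestamp} {ev.host} {ev.user}: "
              f"{_basename(ev.parent_image)} -> {ev.command_line}")
```

Against the constructed sample the rule stays quiet for the renderer helper and the xdg-open launch, fires high for the PowerShell, sh and osascript children, and medium for the unknown executable. Tune EXPECTED_CHILDREN from a baseline of what MarkText spawns on your images before deploying.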

🔗 References

  • Upstream issue tracking the bug: https://github.com/marktext/marktext/issues/2946
  • Fixed releases (0.17.0 and later): https://github.com/marktext/marktext/releases
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-24123