CVE-2023-45673

8.9 HIGH

📋 TL;DR

This vulnerability in the Joplin note-taking application allows remote code execution when a user clicks a link inside a PDF attached to an untrusted note. An attacker can run arbitrary shell commands on the victim's system. Anyone using Joplin desktop with untrusted PDF attachments and the icon feature enabled is affected.

💻 Affected Systems

Products:
  • Joplin Desktop
Versions: before 2.13.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires both PDF attachment with links and icon feature enabled. Mobile versions are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case

Local privilege escalation leading to data theft, ransomware deployment, or credential harvesting from the compromised system.

🟢 If Mitigated

No impact if users avoid untrusted PDFs or have disabled the icon feature, though these are not reliable mitigations.

🌐 Internet-Facing: MEDIUM - Requires user interaction (clicking PDF link) but can be triggered via social engineering with malicious notes.
🏢 Internal Only: HIGH - Internal users sharing notes with PDFs could inadvertently trigger exploitation within organizational networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking link) but is technically simple once the malicious PDF is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.13.3

Vendor Advisory: https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59

Restart Required: Yes

Instructions:

1. Open the Joplin application.
2. Go to Help > Check for updates.
3. Follow the prompts to install version 2.13.3 or later.
4. Restart Joplin after the installation completes.

🔧 Temporary Workarounds

Disable PDF icon feature

Platforms: all

Prevents PDF preview icons from displaying, reducing the attack surface but not eliminating the vulnerability.

Settings > Appearance > Uncheck 'Show note counts for notebooks and tags' (may affect PDF icon display)

Avoid untrusted PDFs

Platforms: all

Do not open or attach PDFs from untrusted sources in Joplin notes.

🧯 If You Can't Patch

  • Immediately stop using Joplin for any notes containing PDF attachments
  • Isolate affected systems from sensitive networks and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Joplin version in Help > About. If the version is below 2.13.3, the system is vulnerable.

Check Version:

On Joplin desktop: Help > About shows version number

Verify Fix Applied:

Confirm version is 2.13.3 or higher in Help > About after updating.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawns from Joplin executable
  • Network connections initiated by Joplin to unexpected destinations

Network Indicators:

  • Outbound connections from Joplin to command-and-control servers
  • DNS requests for suspicious domains

SIEM Query:

Process creation where parent_process contains 'joplin' AND (process contains 'cmd.exe' OR process contains 'powershell.exe' OR process contains 'bash' OR process contains 'sh')
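The pseudo-query above is written in no particular SIEM dialect. The following Python is an added example, not code from this advisory or from the Joplin project: it runs the same logic over constructed process-creation events, and places beside it a tightened variant that matches on the executable basename so the bare 'sh' term does not fire on unrelated names such as ssh-agent, and so Joplin's own Electron helper processes (constructed here as a renderer spawn) are not reported as shells. All parent and child paths are constructed sample values.

```python
from dataclasses import dataclass

# Shell names taken from the advisory's query; matched exactly on the basename
# in the tightened variant.
SHELLS = {"cmd.exe", "powershell.exe", "bash", "sh"}


@dataclass
class ProcessEvent:
    """Minimal process-creation record, as a SIEM would normalise it."""
    parent_process: str
    process: str
    command_line: str = ""


# Constructed sample events (not real telemetry). Two are genuine shell spawns
# from Joplin, one is Joplin spawning its own renderer, one is a PDF handler,
# one is a false positive for the substring query, one has a non-Joplin parent.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Joplin\Joplin.exe", r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c whoami"),
    ProcessEvent("/usr/bin/joplin", "/usr/bin/sh", "sh -c id"),
    ProcessEvent(r"C:\Program Files\Joplin\Joplin.exe", r"C:\Program Files\Joplin\Joplin.exe",
                 "Joplin.exe --type=renderer"),
    ProcessEvent("/usr/bin/joplin", "/usr/bin/xdg-open", "xdg-open attachment.pdf"),
    ProcessEvent("/usr/bin/joplin", "/usr/bin/ssh-agent", "ssh-agent"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
]


def basename(path: str) -> str:
    """Last path component, tolerating both Windows and POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def matches_literal_query(ev: ProcessEvent) -> bool:
    """Verbatim translation of the advisory's query: substring 'contains' tests."""
    parent = ev.parent_process.lower()
    proc = ev.process.lower()
    return "joplin" in parent and any(
        term in proc for term in ("cmd.exe", "powershell.exe", "bash", "sh")
    )


def matches_tightened_query(ev: ProcessEvent) -> bool:
    """Same intent, but the child must *be* a shell by basename and the parent
    executable must be named joplin; 'ssh-agent' no longer matches on 'sh'."""
    parent_name = basename(ev.parent_process).lower()
    child_name = basename(ev.process).lower()
    return parent_name.startswith("joplin") and child_name in SHELLS


def run_query(events, predicate):
    """Return the events the given predicate flags, preserving input order."""
    return [ev for ev in events if predicate(ev)]


if __name__ == "__main__":
    for label, pred in (("literal", matches_literal_query),
                        ("tightened", matches_tightened_query)):
        hits = run_query(SAMPLE_EVENTS, pred)
        print(f"{label}: {len(hits)} hit(s)")
        for ev in hits:
            print(f"  {basename(ev.parent_process)} -> {ev.command_line}")
```

The literal query flags three of the six constructed events, one of them the ssh-agent spawn that merely contains the letters "sh"; the basename variant flags only the two real shell spawns. In a production rule, the renderer spawn shows why "any process spawned by Joplin" is too broad for an Electron application, and why the advisory's query is restricted to shells.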
