CVE-2022-24986
Published: 26 February 2022
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
kcron
Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Ignored
(end of life, was needs-triage)
|
|
| noble |
Needs triage
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://www.openwall.com/lists/oss-security/2022/02/25/3
- https://invent.kde.org/system/kcron/-/commit/ef4266e3d5ea741c4d4f442a2cb12a317d7502a1
- https://invent.kde.org/system/kcron/-/merge_requests/14 (followup fix)
- https://kde.org/info/security/advisory-20220216-1.txt
- http://www.openwall.com/lists/oss-security/2022/02/25/3
- https://apps.kde.org/kcron/
- https://www.cve.org/CVERecord?id=CVE-2022-24986
- NVD
- Launchpad
- Debian