Jump to:

CVE-2022-24986

Jump to:

CVE-2022-24986

Package kde5-kcron updated to version 21.12.3-alt1 for branch sisyphus in task 296276.

Published: 2022-02-26
Modified: 2024-11-21

CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

http://www.openwall.com/lists/oss-security/2022/02/25/3
http://www.openwall.com/lists/oss-security/2022/02/25/3
https://apps.kde.org/kcron/
https://apps.kde.org/kcron/

Version: 2.1.0

Package kde5-kcron update in sisyphus on 2022-03-05

ALT-PU-2022-1439-1

Closed vulnerabilities

CVE-2022-24986