CVE-2020-11867
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-11867
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11867.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11867
- Related
- Published
- 2020-11-30T22:15:10Z
- Modified
- 2025-01-14T08:15:29.249565Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
- References
-
- https://github.com/audacity/audacity/releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/
- https://salvatoresecurity.com/the-many-perils-of-tmp/
- https://security-tracker.debian.org/tracker/CVE-2020-11867
Affected packages
Debian:11 / audacity
Package
- Name
- audacity
- Purl
- pkg:deb/debian/audacity?arch=source
Debian:12 / audacity
Package
- Name
- audacity
- Purl
- pkg:deb/debian/audacity?arch=source
Debian:13 / audacity
Package
- Name
- audacity
- Purl
- pkg:deb/debian/audacity?arch=source
Git / github.com/audacity/audacity
Affected ranges
- Type
- GIT
- Repo
- https://github.com/audacity/audacity
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Audacity-1.*
Audacity-1.3.12
Audacity-1.3.13
Audacity-1.3.14
Audacity-1.3.15
Audacity-2.*
Audacity-2.0.0
Audacity-2.0.1
Audacity-2.0.2
Audacity-2.0.3
Audacity-2.0.4
Audacity-2.0.5
Audacity-2.0.6
Audacity-2.1.0
Audacity-2.1.1
Audacity-2.1.2
Audacity-2.1.3
Audacity-2.2.0
Audacity-2.2.1
Audacity-2.2.2
Audacity-2.3.0
Audacity-2.3.1
Audacity-2.3.2
Audacity-2.3.3
DarkAudacity-2.*
DarkAudacity-2.1.3x