CVE-2022-24986

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24986

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24986.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24986

Related

Published

2022-02-26T05:15:08Z

Modified

2025-01-14T10:51:54.081597Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.

References

Affected packages

Debian:11 / kcron

Package

Name: kcron
Purl: pkg:deb/debian/kcron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:20.*

4:20.12.0-1

4:21.*

4:21.04.0-1

4:21.08.0-1

4:21.12.3-1

4:22.*

4:22.12.0-1

4:22.12.0-2

4:22.12.1-1

4:22.12.3-1

4:24.*

4:24.08.2-1

4:24.12.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kcron

Package

Name: kcron
Purl: pkg:deb/debian/kcron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:21.12.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kcron

Package

Name: kcron
Purl: pkg:deb/debian/kcron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:21.12.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}