CVE-2024-36041

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36041
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36041.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36041
Related
Published
2024-07-05T02:15:10Z
Modified
2024-09-18T03:26:23.096001Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

References

Affected packages

Debian:11 / plasma-workspace

Package

Name
plasma-workspace
Purl
pkg:deb/debian/plasma-workspace?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:5.20.5-6+deb11u1

Affected versions

4:5.*

4:5.20.5-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / plasma-workspace

Package

Name
plasma-workspace
Purl
pkg:deb/debian/plasma-workspace?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:5.27.5-2+deb12u2

Affected versions

4:5.*

4:5.27.5-2
4:5.27.5-2+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / plasma-workspace

Package

Name
plasma-workspace
Purl
pkg:deb/debian/plasma-workspace?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:5.27.11.1-1

Affected versions

4:5.*

4:5.27.5-2
4:5.27.7-1
4:5.27.7-2
4:5.27.8-1
4:5.27.8-2
4:5.27.9.1-1
4:5.27.10-1
4:5.27.10-2
4:5.27.10-3
4:5.27.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}