UBUNTU-CVE-2022-23853

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2022-23853
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23853.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-23853
Related
Published
2022-02-11T18:15:00Z
Modified
2024-10-15T14:09:47Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.

References

Affected packages

Ubuntu:Pro:16.04:LTS / kate

Package

Name
kate
Purl
pkg:deb/ubuntu/kate?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:15.*

4:15.08.2-0ubuntu1
4:15.08.2-0ubuntu2
4:15.12.1-0ubuntu1
4:15.12.3-0ubuntu1
4:15.12.3-0ubuntu2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / ktexteditor

Package

Name
ktexteditor
Purl
pkg:deb/ubuntu/ktexteditor?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.0-0ubuntu1
5.15.0-0ubuntu2
5.15.0-0ubuntu3
5.18.0-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / kate

Package

Name
kate
Purl
pkg:deb/ubuntu/kate?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:17.*

4:17.04.3-0ubuntu1
4:17.04.3-0ubuntu2
4:17.08.3-0ubuntu1
4:17.12.2-0ubuntu1
4:17.12.3-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ktexteditor

Package

Name
ktexteditor
Purl
pkg:deb/ubuntu/ktexteditor?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.38.0-0ubuntu1
5.38.0-0ubuntu1.1
5.38.0-0ubuntu2
5.40.0-0ubuntu1
5.41.0-0ubuntu2
5.42.0-0ubuntu1
5.43.0-0ubuntu2
5.44.0-0ubuntu1
5.44.0-0ubuntu2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / kate

Package

Name
kate
Purl
pkg:deb/ubuntu/kate?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:19.*

4:19.04.3-0ubuntu2
4:19.08.2-1ubuntu1
4:19.08.3-0ubuntu1
4:19.12.0-0ubuntu1
4:19.12.0-1ubuntu1
4:19.12.1-0ubuntu1
4:19.12.2-0ubuntu1
4:19.12.3-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ktexteditor

Package

Name
ktexteditor
Purl
pkg:deb/ubuntu/ktexteditor?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.62.0-0ubuntu1
5.62.0-0ubuntu2
5.64.0-0ubuntu1
5.65.0-0ubuntu2
5.65.0-0ubuntu3
5.66.0-0ubuntu1
5.67.0-0ubuntu1
5.68.0-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / kate

Package

Name
kate
Purl
pkg:deb/ubuntu/kate?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:21.*

4:21.08.1-1
4:21.08.2-1
4:21.08.3-0ubuntu1
4:21.11.80-0ubuntu1
4:21.11.90-0ubuntu1
4:21.11.90-0ubuntu2
4:21.12.0-0ubuntu1
4:21.12.1-0ubuntu1
4:21.12.2-0ubuntu1
4:21.12.3-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ktexteditor

Package

Name
ktexteditor
Purl
pkg:deb/ubuntu/ktexteditor?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.86.0-0ubuntu1
5.88.0-0ubuntu1
5.88.0-1ubuntu1
5.88.0-1ubuntu3
5.89.0-0ubuntu1
5.90.0-0ubuntu1
5.90.0-0ubuntu2
5.91.0-0ubuntu1
5.92.0-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / kate

Package

Name
kate
Purl
pkg:deb/ubuntu/kate?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:23.*

4:23.08.5-0ubuntu3

4:24.*

4:24.08.0-1ubuntu1
4:24.08.1-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ktexteditor

Package

Name
ktexteditor
Purl
pkg:deb/ubuntu/ktexteditor?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.115.0-0ubuntu4
5.116.0-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / kate

Package

Name
kate
Purl
pkg:deb/ubuntu/kate?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:23.*

4:23.08.1-0ubuntu1
4:23.08.2-0ubuntu1
4:23.08.3-0ubuntu1
4:23.08.4-0ubuntu1
4:23.08.5-0ubuntu1
4:23.08.5-0ubuntu2
4:23.08.5-0ubuntu3

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ktexteditor

Package

Name
ktexteditor
Purl
pkg:deb/ubuntu/ktexteditor?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.110.0-0ubuntu1
5.112.0-0ubuntu1
5.113.0-0ubuntu1
5.115.0-0ubuntu2
5.115.0-0ubuntu3
5.115.0-0ubuntu4

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}