Arbitrary File Write Vulnerability in KDE Ark by KDE
CVE-2020-24654

3.3 LOW

Key Information:

Vendor: KDE

CVE Published: 2 September 2020

What is CVE-2020-24654?

KDE Ark versions before 20.08.1 contain an arbitrary file write vulnerability that is triggered by crafted TAR archives containing symbolic links. When such an archive is extracted, files can be written outside the intended extraction directory, including sensitive locations such as the user's home directory. This poses a significant risk because it may allow attackers to overwrite important files or introduce harmful payloads.
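As an added illustration (not code from KDE Ark or from this advisory), the following Python sketch audits a TAR archive before extraction and reports the pattern described above: a symbolic link whose target leaves the extraction root, and any later entry whose path passes through a symlink defined earlier in the same archive. The function names and the sample archives are assumptions constructed for the example; the check is deliberately conservative and flags every write through an in-archive symlink.

```python
import io
import posixpath
import tarfile


def _escapes(path):
    """True if a normalised relative path points above the extraction root."""
    return path.startswith("/") or path == ".." or path.startswith("../")


def audit_tar(fileobj):
    """Return (member_name, reason) findings without extracting anything."""
    findings = []
    links = {}  # normalised path of each symlink seen so far -> its target
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if _escapes(name):
                findings.append((m.name, "path leaves extraction root"))
                continue
            # An entry whose parent directory is an earlier symlink would be
            # written wherever that symlink points.
            parts = name.split("/")
            for i in range(1, len(parts)):
                parent = "/".join(parts[:i])
                if parent in links:
                    findings.append((m.name, f"written through symlink {parent} -> {links[parent]}"))
                    break
            if m.issym():
                # Resolve the target relative to the directory holding the link.
                resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), m.linkname))
                if _escapes(m.linkname) or _escapes(resolved):
                    findings.append((m.name, f"symlink target escapes root: {m.linkname}"))
                links[name] = m.linkname
    return findings


def build_sample(entries):
    """Constructed test input: entries are (name, symlink_target_or_None, data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link, data in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

An empty result from `audit_tar` means no entry matched these two patterns; it does not replace updating Ark to 20.08.1 or later.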


CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
