GNU Nano Vulnerability Allows Privilege Escalation Through Insecure Temporary File
CVE-2024-5742

6.7MEDIUM

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 9
Vendor
CVE Published:
12 June 2024

Summary

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

Affected Version(s)

Red Hat Enterprise Linux 8 0:2.9.8-3.el8_10

References

https://access.redhat.com/errata/RHSA-2024:6986
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-5742
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2278574
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.