GNU Nano Vulnerability Allows Privilege Escalation Through Insecure Temporary File

CVE-2024-5742

6.7MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 12 June 2024

Summary

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

Affected Version(s)

Red Hat Enterprise Linux 8 <= 0:2.9.8-3.el8_10

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 4.7 - (MEDIUM)
Jun 17, 2024
Vulnerability published.
Jun 12, 2024
Vulnerability Reserved.
Jun 7, 2024
Reported to Red Hat.
May 2, 2024

Collectors

NVD DatabaseMitre Database