[Debian] Medium CVE: CVE-2024-5742 nano
Bug #2071583 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Peng Zhang |
Bug Description
CVE-2024-5742: https:/
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Base Score: Medium
Reference:
['nano_
CVE References
Changed in starlingx: | |
assignee: | nobody → Peng Zhang (pzhang2) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/924049
Review: https:/