A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:6986 | |
https://access.redhat.com/errata/RHSA-2024:9430 | |
https://access.redhat.com/security/cve/CVE-2024-5742 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2278574 | Issue Tracking Vendor Advisory |
Configurations
History
12 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
25 Sep 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Sep 2024, 15:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CWE | CWE-59 | |
References | () https://access.redhat.com/security/cve/CVE-2024-5742 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2278574 - Issue Tracking, Vendor Advisory | |
First Time |
Redhat enterprise Linux
Redhat Gnu Gnu nano |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
17 Sep 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jun 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-12 09:15
Updated : 2024-11-12 18:15
NVD link : CVE-2024-5742
Mitre link : CVE-2024-5742
CVE.ORG link : CVE-2024-5742
JSON object : View
Products Affected
redhat
- enterprise_linux
gnu
- nano
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')