Описание
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 8.0-1 |
| esm-infra-legacy/trusty | not-affected | 2.2.6-1ubuntu1+esm1 |
| esm-infra/bionic | released | 2.9.3-2ubuntu0.1~esm1 |
| esm-infra/focal | not-affected | 4.8-1ubuntu1.1 |
| esm-infra/xenial | released | 2.5.3-2ubuntu2+esm1 |
| focal | released | 4.8-1ubuntu1.1 |
| jammy | released | 6.2-1ubuntu0.1 |
| mantic | ignored | end of life, was needed |
| noble | released | 7.2-2ubuntu0.1 |
| oracular | not-affected | 8.0-1 |
Показывать по
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
A vulnerability was found in GNU Nano that allows a possible privilege ...
EPSS
6.7 Medium
CVSS3