CVE-2020-0570 — Untrusted Search Path in QT
Severity
7.3 HIGH (NVD)
OSV: 5.5
EPSS: 0.3% (top 44.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 14
Latest update: May 24
Description
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9
Affected Packages: 8 packages
Also affects: Enterprise Linux 7.0, 8.0
Patches
Vulnerability Details (3)
Vendor Advisories (4)
Microsoft
Uncontrolled search path in the QT Library before 5.14.0 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. (2020-09-08)
Red Hat
qt: files placed by attacker can influence the working directory and lead to malicious code execution (2020-02-07)
Debian
CVE-2020-0570: qtbase-opensource-src - Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may ... (2020)
Community (4)
Bugzilla
CVE-2020-0570 qt5-qtbase: qt: files placed by attacker can influence the working directory and lead to malicious code execution [epel-6] (2020-03-18)
Bugzilla
CVE-2020-0570 qt5-qtbase: qt: files placed by attacker can influence the working directory and lead to malicious code execution [fedora-all] (2020-03-17)
Bugzilla
CVE-2020-0570 qt: files placed by attacker can influence the working directory and lead to malicious code execution [fedora-all] (2020-02-07)
Bugzilla
CVE-2020-0570 qt: files placed by attacker can influence the working directory and lead to malicious code execution (2020-02-07)