CVE-2020-11867: Incorrect Default Permissions in Audacity

Severity
3.3 LOW (NVD)
EPSS
0.1%
top 69.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 30
Latest update: Jan 16

Description

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (2 packages)

Debian: audacityteam/audacity < 2.4.2~dfsg0-4+3

Also affects: Fedora 33, 34

🔴 Vulnerability Details (3)

GHSA
GHSA-wrfq-hrw9-9rm3: Audacity through 2 (2022-05-24)
CVEList
CVE-2020-11867: Audacity through 2 (2020-11-30)
OSV
CVE-2020-11867: Audacity through 2 (2020-11-30)

📋 Vendor Advisories (2)

Ubuntu
Audacity vulnerability (2025-01-16)
Debian
CVE-2020-11867: audacity - Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by defau... (2020)
CVE-2020-11867 — Incorrect Default Permissions | cvebase