CVE-2024-5742
published 2024-06-12
Severity: medium, 6.7 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:R / S:U / C:H / I:H / A:H
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, the emergency file it saves with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nano | < nano 7.2-1+deb12u1 (bookworm) | nano 7.2-1+deb12u1 (bookworm) |
| gnu | nano | >= 0 < 5.4-2+deb11u3 | 5.4-2+deb11u3 |
| gnu | nano | >= 0 < 7.2-1+deb12u1 | 7.2-1+deb12u1 |
| gnu | nano | >= 0 < 8.0-1 | 8.0-1 |
| gnu | nano | >= 0 < 8.0-1 | 8.0-1 |
| gnu | nano | >= 2.2.0 < 8.0 | 8.0 |
| msrc | azl3_nano_6.4-2_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_nano_6.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
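CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 6.7 | MEDIUM | — |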