CVE-2022-24986 Information

Description

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.openwall.com/lists/oss-security/2022/02/25/3
https://apps.kde.org/kcron/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
