KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-26T04:06:21
Updated: 2024-08-03T04:29:01.642Z
Reserved: 2022-02-14T00:00:00
Link: CVE-2022-24986
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-26T05:15:08.343
Modified: 2024-11-21T06:51:30.797
Link: CVE-2022-24986
Redhat
No data.