{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5742", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-06-07T12:22:38.441Z", "datePublished": "2024-06-12T08:53:02.256Z", "dateUpdated": "2024-06-12T08:53:02.256Z"}, "containers": {"cna": {"title": "Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-5742", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574", "name": "RHBZ#2278574", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"}], "datePublic": "2024-04-28T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-377", "description": "Insecure Temporary File", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-377: Insecure Temporary File", "timeline": [{"lang": "en", "time": "2024-05-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-28T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-06-12T08:53:02.256Z"}}}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GNU Nano que permite una posible escalada de privilegios a trav\u00e9s de un archivo temporal inseguro. Si Nano muere mientras edita, un archivo que guarda en un archivo de emergencia con los permisos del usuario que lo ejecuta brinda una ventana de oportunidad para que los atacantes aumenten los privilegios a trav\u00e9s de un enlace simb\u00f3lico malicioso."}], "id": "CVE-2024-5742", "lastModified": "2024-06-17T12:15:49.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-06-12T09:15:23.037", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-5742"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{}