Lucene search

GitHub Advisory DatabaseGHSA-R3R5-JHW6-4634

HistoryApr 08, 2022 - 12:00 a.m.

Insecure temporary file usage in SWHKD

2022-04-0800:00:24

CWE-668

GitHub Advisory Database

github.com

swhkd

temporary file

information leak

denial of service

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

59.0%

JSON

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.

Affected configurations

Vulners

Node

waylandsimple-wayland-hotkey-daemonRange<1.2.0

VendorProductVersionCPE
waylandsimple-wayland-hotkey-daemon*cpe:2.3:a:wayland:simple-wayland-hotkey-daemon:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wayland	simple-wayland-hotkey-daemon	*	cpe:2.3:a:wayland:simple-wayland-hotkey-daemon::::::::

References

www.openwall.com/lists/oss-security/2022/04/14/1

github.com/advisories/GHSA-r3r5-jhw6-4634

github.com/waycrate/swhkd/commit/f70b99dd575fab79d8a942111a6980431f006818

github.com/waycrate/swhkd/releases/tag/1.2.0

nvd.nist.gov/vuln/detail/CVE-2022-27818

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

59.0%

JSON

Related for GHSA-R3R5-JHW6-4634