4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.7%
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but
reuses the filename during an editing session. Thus, someone watching it be
created the first time could potentially intercept the file the following
time, enabling that person to run unauthorized commands.
www.openwall.com/lists/oss-security/2022/02/25/3
apps.kde.org/kcron/
invent.kde.org/system/kcron/-/commit/ef4266e3d5ea741c4d4f442a2cb12a317d7502a1
invent.kde.org/system/kcron/-/merge_requests/14 (followup fix)
kde.org/info/security/advisory-20220216-1.txt
launchpad.net/bugs/cve/CVE-2022-24986
nvd.nist.gov/vuln/detail/CVE-2022-24986
security-tracker.debian.org/tracker/CVE-2022-24986
www.cve.org/CVERecord?id=CVE-2022-24986
www.openwall.com/lists/oss-security/2022/02/25/3
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.7%