Information Disclosure

2021-03-0211:10:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

15.5%

JSON

audacity is vulnerable to information disclosure. The vulnerability exists as it saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

CPENameOperatorVersion
audacity:sideq2.4.2~dfsg0-3
audacity:bullseyeeq2.4.2~dfsg0-3
audacity:sideq2.4.2~dfsg0-3
audacity:bullseyeeq2.4.2~dfsg0-3

Name	Operator	Version
audacity:sid	eq	2.4.2~dfsg0-3
audacity:bullseye	eq	2.4.2~dfsg0-3
audacity:sid	eq	2.4.2~dfsg0-3
audacity:bullseye	eq	2.4.2~dfsg0-3

References

github.com/audacity/audacity/releases

lists.fedoraproject.org/archives/list/[email protected]/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/

lists.fedoraproject.org/archives/list/[email protected]/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/

salvatoresecurity.com/the-many-perils-of-tmp/

security-tracker.debian.org/tracker/CVE-2020-11867

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:29542