Audacity is vulnerable to information disclosure because it saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
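A defender-side check for the condition described above, as an added example that is not part of the original advisory or the Audacity project: it lists audacity-* directories that grant any permission bit to group or other, and can restrict them to the owner. The function names and the overridable base directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the Audacity temporary directories named on this page.
# Assumption: directories follow the /var/tmp/audacity-$USER naming pattern.

# Print every audacity-* directory under $1 (default /var/tmp) that grants
# any read, write or execute bit to group or other, one path per line.
audit_audacity_tmp() {
    base=${1:-/var/tmp}
    for d in "$base"/audacity-*; do
        [ -d "$d" ] || continue   # unmatched glob or not a directory
        [ -L "$d" ] && continue   # ignore symlinks placed in a shared directory
        # -prune keeps find on the directory itself; each "-perm -NNN"
        # is true when that permission bit is set.
        find "$d" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Restrict each flagged directory to its owner (mode 700).
# Must run as the directory owner or as root.
harden_audacity_tmp() {
    audit_audacity_tmp "$1" | while IFS= read -r d; do
        chmod 700 "$d" && printf 'restricted %s\n' "$d"
    done
}

# Read-only audit of the default location when the script is run directly.
audit_audacity_tmp /var/tmp
```

A directory created with mode 755 is reported; after harden_audacity_tmp sets it to 700, other local users can no longer traverse it to reach the .au files.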
| CPE | Name | Operator | Version |
|---|---|---|---|
| | audacity:sid | eq | 2.4.2~dfsg0-3 |
| | audacity:bullseye | eq | 2.4.2~dfsg0-3 |
github.com/audacity/audacity/releases
lists.fedoraproject.org/archives/list/[email protected]/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/
lists.fedoraproject.org/archives/list/[email protected]/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/
salvatoresecurity.com/the-many-perils-of-tmp/
security-tracker.debian.org/tracker/CVE-2020-11867