CVE-2024-5742

Summary

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:2.9.8-3.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.6.1-6.el9 < *unaffected

Weaknesses

  • CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References