Vulnerability Description
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, it saves the buffer to an emergency file with the permissions of the running user, which provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
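The insecure-file-plus-symlink condition described above is avoided by creating the emergency file exclusively and changing its metadata only through the open descriptor. The C example below is added for illustration and is not nano's code or its upstream fix; `save_emergency`, the scratch directory and the `buffer.save` name are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a nano function): write buf to a NEW file at path.
 * Returns 0 on success, -1 if any name (symlinks included) exists or on error. */
int save_emergency(const char *path, const char *buf, size_t len)
{
    /* O_EXCL refuses any pre-existing name, so a planted symlink is never
     * followed; O_NOFOLLOW is defence in depth. 0600 applies at creation. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Change metadata through the descriptor, never through the path:
     * a name can be re-pointed between two calls, an open fd cannot. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
        goto fail;
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        buf += n;
        len -= (size_t)n;
    }
    return close(fd) == 0 ? 0 : -1;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    char dir[] = "/tmp/emerg-demo.XXXXXX";     /* constructed scratch dir */
    char path[64], target[64];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/buffer.save", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, path) != 0)            /* name already taken by a link */
        return 1;
    printf("link present: %d\n", save_emergency(path, "text\n", 5));
    return 0;
}
```

The explicit `fchmod` pins the mode to 0600 even when the process umask would have narrowed it at creation.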
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | Nano | >= 2.2.0, < 8.0 |
| Red Hat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:6986
- https://access.redhat.com/errata/RHSA-2024:9430
- https://access.redhat.com/security/cve/CVE-2024-5742 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2278574 (Issue Tracking, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html
FAQ
What is CVE-2024-5742?
CVE-2024-5742 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the per...
How severe is CVE-2024-5742?
CVE-2024-5742 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-5742?
Check the references section above for vendor advisories and patch information. Affected products include: GNU Nano, Red Hat Enterprise Linux.