KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-05T00:00:00

Updated: 2024-08-02T03:30:12.118Z

Reserved: 2024-05-18T00:00:00

Link: CVE-2024-36041

cve-icon Vulnrichment

Updated: 2024-08-02T03:30:12.118Z

cve-icon NVD

Status : Modified

Published: 2024-07-05T02:15:10.000

Modified: 2024-07-09T16:22:37.687

Link: CVE-2024-36041

cve-icon Redhat

No data.