{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5742", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-06-07T12:22:38.441Z", "datePublished": "2024-06-12T08:53:02.256Z", "dateUpdated": "2024-09-17T00:12:50.171Z"}, "containers": {"cna": {"title": "Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-5742", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574", "name": "RHBZ#2278574", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-04-28T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-377", "description": "Insecure Temporary File", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-377: Insecure Temporary File", "timeline": [{"lang": "en", "time": "2024-05-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-28T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-17T00:12:50.171Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T19:25:06.290598Z", "id": "CVE-2024-5742", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T19:25:18.738Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:07.052Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-5742", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574", "name": "RHBZ#2278574", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-5742", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574", "name": "RHBZ#2278574", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:07.052Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-12T19:25:06.290598Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T19:25:14.964Z"}}], "cna": {"title": "Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-05-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-28T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-04-28T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-5742", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574", "name": "RHBZ#2278574", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-377", "description": "Insecure Temporary File"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-17T00:12:50.171Z"}, "x_redhatCweChain": "CWE-377: Insecure Temporary File"}}, "cveMetadata": {"cveId": "CVE-2024-5742", "state": "PUBLISHED", "dateUpdated": "2024-09-17T00:12:50.171Z", "dateReserved": "2024-06-07T12:22:38.441Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-06-12T08:53:02.256Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GNU Nano que permite una posible escalada de privilegios a trav\u00e9s de un archivo temporal inseguro. Si Nano muere mientras edita, un archivo que guarda en un archivo de emergencia con los permisos del usuario que lo ejecuta brinda una ventana de oportunidad para que los atacantes aumenten los privilegios a trav\u00e9s de un enlace simb\u00f3lico malicioso."}], "id": "CVE-2024-5742", "lastModified": "2024-09-17T00:15:52.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-06-12T09:15:23.037", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-5742"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file", "id": "2278574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.", "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."], "name": "CVE-2024-5742", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5742\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5742"], "statement": "For an attack to be successful, an attacker must be able to kill the Nano session of another user, hence this issue was rated as a Low severity issue.", "threat_severity": "Low", "upstream_fix": "nano 8.0"}