CVE-2020-11867
Severity: LOW
Audacity <= 2.3.3 - Unprotected Temporary File Exposure via /var/tmp/audacity-$USER
Title source: llm
Description
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
References (4)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/audacity/audacity/releases
Third Party Advisory x_refsource_misc
https://salvatoresecurity.com/the-many-perils-of-tmp/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/
Scores
CVSS v3
3.3
EPSS
0.0047
EPSS Percentile
36.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (3)
audacityteam/audacity
< 2.3.3
fedoraproject/fedora
33
fedoraproject/fedora
34
Published
Nov 30, 2020
Tracked Since
Feb 18, 2026