CVE-2024-5742

MEDIUM

GNU Nano 2.2.0-8.0 - Privilege Escalation via Emergency File Symlink

Title source: llm

Description

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6986

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:9430

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-5742

Issue Tracking, Vendor Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2278574

Scores

CVSS v3 6.7

EPSS 0.0008

EPSS Percentile 23.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (5)

gnu/nano 2.2.0 - 8.0

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

Published Jun 12, 2024

Tracked Since Feb 18, 2026