CVE-2024-5742

Public on 2024-06-08
Modified on 2024-06-08
Description

nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

Severity
Medium
See what this means
CVSS v3 Base Score
4.7
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core nano 2024-07-22 ALAS2-2024-2590
Amazon Linux 2023 nano 2024-07-22 ALAS2023-2024-652

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
NVD CVSSv3 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2024-5742 Mitre: CVE-2024-5742