Permissions, Privileges, and Access Controls in kcron - CVE-2022-24986
Published: February 28, 2022
Vulnerability identifier: #VU60903
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-24986
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: KDE.org
Affected software:
kcron
kcron
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper temporary file handling when reading the existing crontab or saving the new one, which leads to security restrictions bypass and privilege escalation.
How to mitigate CVE-2022-24986
Install updates from vendor's website.