CVE-2024-36041

EPSS 0.15%
Veröffentlicht 05.07.2024 02:15:10
Zuletzt bearbeitet 21.11.2024 09:21:29
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kde ≫ Plasma-workspace Version < 5.27.11.1

Kde ≫ Plasma-workspace Version >= 6.0.0.0 < 6.0.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.354

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://github.com/KDE/plasma-workspace/tags

Release Notes

https://invent.kde.org/plasma/plasma-workspace/

Product

https://kde.org/info/security/advisory-20240531-1.txt

Vendor Advisory

https://www.x.org/releases/X11R7.7/doc/libSM/xsmp.html

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-36041

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36041

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36041

EUVD