Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KTextEditor 安全漏洞
Vulnerability Description
KTextEditor是一款KDE Frameworks中的提供高级纯文本编辑功能的编辑器。 KTextEditor 5.34.0版本至5.45.0版本中存在安全漏洞,该漏洞源于KTextEditor的kauth_ktexteditor_helper服务没有正确的处理临时文件。攻击者可通过向其他非特权用户所有的目录写入文本文件并通过其他用户实施符号链接攻击利用该漏洞获取root权限。
CVSS Information
N/A
Vulnerability Type
N/A