CVE-2024-36041
HIGH 7.8
Description
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
CVE Details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 7/5/2024
Last modified: 11/4/2025
Source: nvd
Honeypot observations: 0
Affected products
kde:plasma-workspace
Weaknesses (CWE)
CWE-613
References
https://github.com/KDE/plasma-workspace/tags (cve@mitre.org)
https://invent.kde.org/plasma/plasma-workspace/ (cve@mitre.org)
https://kde.org/info/security/advisory-20240531-1.txt (cve@mitre.org)
https://www.x.org/releases/X11R7.7/doc/libSM/xsmp.html (cve@mitre.org)
https://github.com/KDE/plasma-workspace/tags (af854a3a-2127-422b-91ae-364da2661108)
https://invent.kde.org/plasma/plasma-workspace/ (af854a3a-2127-422b-91ae-364da2661108)
https://kde.org/info/security/advisory-20240531-1.txt (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43YGQJGB5I33UBRY2OHXTPXIEESZLZ6N/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNOZWSWXAR6EM3VIUJRSAI3L4QPURQPC/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.x.org/releases/X11R7.7/doc/libSM/xsmp.html (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.