{"timestamp":"2024-10-07T20:27:39.384448Z","id":"CVE-2024-5742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"defaultStatus":"affected","collectionURL":"https://git.savannah.gnu.org/git/nano.git","packageName":"nano"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nano","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.9.8-3.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nano","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:5.6.1-6.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nano","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nano","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nano","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]

https://access.redhat.com/security/cve/CVE-2024-5742

https://bugzilla.redhat.com/show_bug.cgi?id=2278574

https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:9430 [No types assigned]

Red Hat, Inc. AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Red Hat, Inc. AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Red Hat, Inc. CWE-59

Red Hat, Inc. CWE-377

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:6986 [No types assigned]

NIST AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

NIST CWE-59

OR
     *cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:* versions from (including) 2.2.0 up to (excluding) 8.0

OR
     *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

https://access.redhat.com/security/cve/CVE-2024-5742 No Types Assigned

https://access.redhat.com/security/cve/CVE-2024-5742 Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2278574 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=2278574 Issue Tracking, Vendor Advisory

Red Hat, Inc. https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html

Red Hat, Inc. https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html [No types assigned]

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

Red Hat, Inc. AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Red Hat, Inc. CWE-377

Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2024-5742 [No types assigned]

Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2278574 [No types assigned]