CVE-2020-11867
CVSS 3.1: 3.3 (LOW)
EPSS: 0.12%
Description
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
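The exposure described above can be checked from file modes alone. The following is an added example, not code from the advisory or from Audacity: it lists the `.au` files under a temporary directory that any local user could open, looking only at the "other" permission bits. The sample directory layout and file name are constructed for the demonstration.

```python
import os
import stat
import tempfile

def others_can_enter(path):
    """True if path is a real directory that 'other' users may traverse (o+x)."""
    st = os.lstat(path)
    return stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_IXOTH)

def exposed_au_files(temp_dir):
    """Return .au files under temp_dir that any local user could open.

    A file counts as exposed only if every directory from temp_dir down
    is traversable by 'other' and the file itself is readable by 'other'.
    """
    exposed = []
    if not others_can_enter(temp_dir):
        return exposed  # e.g. mode 700: nothing below is reachable
    for root, dirs, files in os.walk(temp_dir):
        # Do not descend into subdirectories other users cannot traverse.
        dirs[:] = [d for d in dirs if others_can_enter(os.path.join(root, d))]
        for name in sorted(files):
            fpath = os.path.join(root, name)
            st = os.lstat(fpath)
            if (name.endswith(".au") and stat.S_ISREG(st.st_mode)
                    and st.st_mode & stat.S_IROTH):
                exposed.append(fpath)
    return exposed

def build_sample(base, dir_mode):
    """Constructed sample: a stand-in for /var/tmp/audacity-$USER with one .au file."""
    top = os.path.join(base, "audacity-sampleuser")
    sub = os.path.join(top, "project_data")   # hypothetical subdirectory name
    os.makedirs(sub)
    audio = os.path.join(sub, "e0000001.au")  # hypothetical file name
    with open(audio, "wb") as fh:
        fh.write(b"\x00" * 16)
    os.chmod(audio, 0o644)
    os.chmod(sub, 0o755)
    os.chmod(top, dir_mode)                   # set explicitly, independent of umask
    return top

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        top = build_sample(base, 0o755)       # the mode named in the description
        print("mode 755:", exposed_au_files(top))
        os.chmod(top, 0o700)                  # owner-only directory
        print("mode 700:", exposed_au_files(top))
```

On a real host, pass the actual temporary directory (by default `/var/tmp/audacity-$USER`) to `exposed_au_files`.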
How to fix CVE-2020-11867
To remediate CVE-2020-11867, upgrade the affected package to a fixed version below.
- Debian/audacity: upgrade to 2.4.2~dfsg0-4 or later
Is CVE-2020-11867 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.4.2~dfsg0-4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |