CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
EPSS
Percentile
5.1%
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | pyxdg | < 0.25-4 | pyxdg_0.25-4_all.deb |
Debian | 11 | all | pyxdg | < 0.25-4 | pyxdg_0.25-4_all.deb |
Debian | 999 | all | pyxdg | < 0.25-4 | pyxdg_0.25-4_all.deb |
Debian | 13 | all | pyxdg | < 0.25-4 | pyxdg_0.25-4_all.deb |