Nano
Monthly
GNU nano creates the ~/.local directory with world-writable permissions (0777) on first use of XDG data storage features when the directory does not exist, allowing local attackers in systems with relaxed umasks (such as containers, CI/CD runners, or environments with umask 000) to write attacker-controlled files into the victim's XDG directory hierarchy via a race condition. The vulnerability affects nano versions before 9.0 and carries a CVSS score of 2.1 with CISA SSVC assessment indicating partial technical impact but no known public exploitation.
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. Rated medium severity (CVSS 6.7). No vendor patch available.
GNU nano creates the ~/.local directory with world-writable permissions (0777) on first use of XDG data storage features when the directory does not exist, allowing local attackers in systems with relaxed umasks (such as containers, CI/CD runners, or environments with umask 000) to write attacker-controlled files into the victim's XDG directory hierarchy via a race condition. The vulnerability affects nano versions before 9.0 and carries a CVSS score of 2.1 with CISA SSVC assessment indicating partial technical impact but no known public exploitation.
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. Rated medium severity (CVSS 6.7). No vendor patch available.