CVE-2020-11867 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Information disclosure
Description	Audacity saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1311	audacity	1:2.4.1-4		Low	Vulnerable

References
https://salvatoresecurity.com/the-many-perils-of-tmp/ https://github.com/audacity/audacity/commit/8bb55b8bbf0f0030224d0bfa1b290c4bc1d91b6a https://github.com/audacity/audacity/issues/699 https://github.com/audacity/audacity/pull/700

References

https://salvatoresecurity.com/the-many-perils-of-tmp/
https://github.com/audacity/audacity/commit/8bb55b8bbf0f0030224d0bfa1b290c4bc1d91b6a
https://github.com/audacity/audacity/issues/699
https://github.com/audacity/audacity/pull/700