{"api_version":"1","generated_at":"2026-04-22T19:36:23+00:00","cve":"CVE-2022-24986","urls":{"html":"https://cve.report/CVE-2022-24986","api":"https://cve.report/api/cve/CVE-2022-24986.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-24986","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-24986"},"summary":{"title":"CVE-2022-24986","description":"KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-02-26 05:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["CWE-362","CWE-668"],"metrics":[],"references":[{"url":"https://apps.kde.org/kcron/","name":"https://apps.kde.org/kcron/","refsource":"MISC","tags":[],"title":"KCron - KDE Applications","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2022/02/25/3","name":"http://www.openwall.com/lists/oss-security/2022/02/25/3","refsource":"MISC","tags":[],"title":"oss-security - CVE-2022-24986: KCron: Insecure temporary file handling","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-24986","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24986","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"24986","vulnerable":"1","versionEndIncluding":"21.12.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kde","cpe5":"kcron","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-24986","qid":"184838","title":"Debian Security Update for kcron (CVE-2022-24986)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-24986","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://apps.kde.org/kcron/","refsource":"MISC","name":"https://apps.kde.org/kcron/"},{"refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2022/02/25/3","url":"http://www.openwall.com/lists/oss-security/2022/02/25/3"}]}},"nvd":{"publishedDate":"2022-02-26 05:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["CWE-362","CWE-668"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kde:kcron:*:*:*:*:*:*:*:*","versionEndIncluding":"21.12.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"24986","Ordinal":"228425","Title":"CVE-2022-24986","CVE":"CVE-2022-24986","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"24986","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}