{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-06-22T02:06:24.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/audacity/audacity/releases"},{"tags":["x_refsource_MISC"],"url":"https://salvatoresecurity.com/the-many-perils-of-tmp/"},{"name":"FEDORA-2021-8aaccdbb5f","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/"},{"name":"FEDORA-2021-1a043ee3d2","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-11867","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/audacity/audacity/releases","refsource":"MISC","url":"https://github.com/audacity/audacity/releases"},{"name":"https://salvatoresecurity.com/the-many-perils-of-tmp/","refsource":"MISC","url":"https://salvatoresecurity.com/the-many-perils-of-tmp/"},{"name":"FEDORA-2021-8aaccdbb5f","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/"},{"name":"FEDORA-2021-1a043ee3d2","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T11:42:00.675Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/audacity/audacity/releases"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://salvatoresecurity.com/the-many-perils-of-tmp/"},{"name":"FEDORA-2021-8aaccdbb5f","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY/"},{"name":"FEDORA-2021-1a043ee3d2","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI/"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2020-11867","datePublished":"2020-11-30T21:21:28.000Z","dateReserved":"2020-04-17T00:00:00.000Z","dateUpdated":"2024-08-04T11:42:00.675Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}