vulnerability

Alpine Linux: CVE-2024-36041: Vulnerability in Multiple Components

Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Jul 5, 2024
Added
Aug 22, 2024
Modified
Oct 14, 2024

Description

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

Solution

alpine-linux-upgrade-plasma-workspace
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.