Refine your search
1 vulnerability found for by kde
CVE-2024-36041 (GCVE-0-2024-36041)
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2025-11-04 22:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kde:plasma-workspace:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "plasma-workspace",
"vendor": "kde",
"versions": [
{
"lessThan": "5.27.11.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.0.5.1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T16:21:03.526437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T16:29:28.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://invent.kde.org/plasma/plasma-workspace/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.x.org/releases/X11R7.7/doc/libSM/xsmp.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/KDE/plasma-workspace/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://kde.org/info/security/advisory-20240531-1.txt"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00002.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43YGQJGB5I33UBRY2OHXTPXIEESZLZ6N/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNOZWSWXAR6EM3VIUJRSAI3L4QPURQPC/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T01:32:02.934Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://invent.kde.org/plasma/plasma-workspace/"
},
{
"url": "https://www.x.org/releases/X11R7.7/doc/libSM/xsmp.html"
},
{
"url": "https://github.com/KDE/plasma-workspace/tags"
},
{
"url": "https://kde.org/info/security/advisory-20240531-1.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-36041",
"datePublished": "2024-07-05T00:00:00.000Z",
"dateReserved": "2024-05-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T22:06:18.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}