CVE-2020-0570

Published: Sep 14, 2020Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

Affected (5)

Products: Qt: Qt · Redhat: Enterprise Linux

1 product

Redhat

1 product

Enterprise Linux

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Qt Qt	Before 5.9.10
Qt Qt	From 5.10.0 to 5.12.7
Qt Qt	From 5.13.0 to 5.14.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (6)

https://bugreports.qt.io/browse/QTBUG-81272

Source: secure@intel.com

ExploitPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1800604

Source: secure@intel.com

Issue TrackingPatchThird Party Advisory

https://lists.qt-project.org/pipermail/development/2020-January/038534.html

Source: secure@intel.com

Mailing ListVendor Advisory

https://bugreports.qt.io/browse/QTBUG-81272

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1800604

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.qt-project.org/pipermail/development/2020-January/038534.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.