How severe is CVE-2018-10361?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-10361?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2018-10361 - HIGH Severity | CVSS 7.8

Vulnerability Description

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.

Related Vulnerabilities

CVE-2014-0023

HIGH

CVSS:7.8(High)

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

CWE-6682014

CVE-2017-8185

HIGH

CVSS:7.8(High)

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing ...

CWE-6682017

CVE-2018-15591

HIGH

CVSS:7.8(High)

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by lev...

CWE-6682018

CVE-2019-15341

HIGH

CVSS:7.8(High)

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com...

CWE-6682019

CVE-2019-15345

HIGH

CVSS:7.8(High)

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovel...

CWE-6682019

CVE-2019-15346

HIGH

CVSS:7.8(High)

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lo...

CWE-6682019