CVE Vulnerabilities

CVE-2021-28623

Creation of Temporary File in Directory with Insecure Permissions

Published: Jun 28, 2021 | Modified: Jul 02, 2021
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.

Weakness

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file’s existence or otherwise access that file.

Potential Mitigations

References