Unrated severityNVD Advisory· Published Feb 11, 2022· Updated Aug 3, 2024
CVE-2022-23853
CVE-2022-23853
Description
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.
Affected products
16- KDE/KDE Katedescription
- osv-coords15 versionspkg:rpm/opensuse/kate&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.1
< 21.12.2-1.1+ 14 more
- (no CPE)range: < 21.12.2-1.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.15.2+kde294-2.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- security.gentoo.org/glsa/202401-21mitrevendor-advisory
- apps.kde.org/kate/mitre
- kde.org/info/security/advisory-20220131-1.txtmitre
News mentions
0No linked articles in our index yet.