CVE-2020-11867

Name of the Vulnerable Software and Affected Versions Audacity versions 2.3.3 and earlier

Description The issue is related to the default permission settings in Audacity. When Audacity creates temporary files, it saves them to /var/tmp/audacity-$USER and sets the permissions to 755. This allows any user on the system to read and play the temporary audio .au files located there. The vulnerability may allow an attacker to access confidential data.

Recommendations For Audacity versions 2.3.3 and earlier, consider changing the default temporary directory permissions to restrict access to sensitive audio files. As a temporary workaround, restrict access to the /var/tmp/audacity-$USER directory to minimize the risk of exploitation. Update to a version later than 2.3.3 to fully resolve the issue.