Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. https://github.com/audacity/audacity/releases https://salvatoresecurity.com/the-many-perils-of-tmp/
Created audacity tracking bugs for this issue: Affects: epel-all [bug 1904017] Affects: fedora-all [bug 1904016]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.