All the vulnerabilites related to Canonical Ltd. - snapd
cve-2021-44731
Vulnerability from cvelistv5
Published
2022-02-17 00:00
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/2"
},
{
"name": "[oss-security] 20221130 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"
},
{
"name": "20221208 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.54.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Qualys Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap\u0027s private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-09T00:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/2"
},
{
"name": "[oss-security] 20221130 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"
},
{
"name": "20221208 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/4"
},
{
"url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "snapd could be made to escalate privileges and run programs as administrator",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-44731",
"datePublished": "2022-02-17T00:00:00",
"dateReserved": "2021-12-08T00:00:00",
"dateUpdated": "2024-08-04T04:32:12.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3155
Vulnerability from cvelistv5
Published
2022-02-17 22:15
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5292-1 | x_refsource_MISC | |
| https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 | x_refsource_MISC | |
| https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.54.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Troup"
}
],
"descriptions": [
{
"lang": "en",
"value": "snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T22:15:16",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca"
}
],
"source": {
"discovery": "USER"
},
"title": "snapd created ~/snap with too-wide permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2021-3155",
"STATE": "PUBLIC",
"TITLE": "snapd created ~/snap with too-wide permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snapd",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.54.2"
}
]
}
}
]
},
"vendor_name": "Canonical Ltd."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Troup"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5292-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85",
"refsource": "MISC",
"url": "https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85"
},
{
"name": "https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca",
"refsource": "MISC",
"url": "https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3155",
"datePublished": "2022-02-17T22:15:16",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T16:45:51.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1523
Vulnerability from cvelistv5
Published
2023-09-01 18:41
Modified
2024-10-01 13:08
Severity ?
EPSS score ?
Summary
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-6125-1 | vendor-advisory | |
| https://github.com/snapcore/snapd/pull/12849 | issue-tracking | |
| https://marc.info/?l=oss-security&m=167879021709955&w=2 | mailing-list | |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd | |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6125-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/pull/12849"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1523",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:08:37.894449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:08:45.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/snapcore/snapd/releases",
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"status": "unaffected",
"version": "2.59.5"
}
]
}
],
"datePublic": "2023-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-01T18:41:47.820Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6125-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/snapcore/snapd/pull/12849"
},
{
"tags": [
"mailing-list"
],
"url": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-1523",
"datePublished": "2023-09-01T18:41:47.820Z",
"dateReserved": "2023-03-20T17:41:17.600Z",
"dateUpdated": "2024-10-01T13:08:45.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27352
Vulnerability from cvelistv5
Published
2024-06-21 20:06
Modified
2024-08-04 16:11
Severity ?
EPSS score ?
Summary
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.launchpad.net/snapd/+bug/1910456 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-4728-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2020-27352 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapd",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.48.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-27352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:14:07.392127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:56:52.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.48.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gilad Reti"
},
{
"lang": "en",
"type": "finder",
"value": "Nimrod Stoler"
}
],
"descriptions": [
{
"lang": "en",
"value": "When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T20:06:37.992Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27352",
"datePublished": "2024-06-21T20:06:37.992Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:11:36.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44730
Vulnerability from cvelistv5
Published
2022-02-17 22:15
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5292-1 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/02/18/2 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.debian.org/security/2022/dsa-5080 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2022/02/23/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.54.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Qualys Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-23T12:06:05",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "snapd could be made to escalate privileges and run programs as administrator",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2021-44730",
"STATE": "PUBLIC",
"TITLE": "snapd could be made to escalate privileges and run programs as administrator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snapd",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.54.2"
}
]
}
}
]
},
"vendor_name": "Canonical Ltd."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Qualys Research Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5292-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-44730",
"datePublished": "2022-02-17T22:15:18",
"dateReserved": "2021-12-08T00:00:00",
"dateUpdated": "2024-08-04T04:32:12.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3328
Vulnerability from cvelistv5
Published
2024-01-08 18:04
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Race condition in snap-confine's must_mkdir_and_open_with_perms()
References
| ▼ | URL | Tags |
|---|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5753-1 | third-party-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5753-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.61.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qualys"
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms()"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T18:04:10.534Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5753-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-3328",
"datePublished": "2024-01-08T18:04:10.534Z",
"dateReserved": "2022-09-27T00:03:34.151Z",
"dateUpdated": "2024-08-03T01:07:06.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4120
Vulnerability from cvelistv5
Published
2022-02-17 22:15
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5292-1 | x_refsource_MISC | |
| https://bugs.launchpad.net/snapd/+bug/1949368 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/02/18/2 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1949368"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.54.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ian Johnson"
}
],
"descriptions": [
{
"lang": "en",
"value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-20T02:06:22",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1949368"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
}
],
"source": {
"defect": [
"https://launchpad.net/bugs/1949368"
],
"discovery": "INTERNAL"
},
"title": "snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2021-4120",
"STATE": "PUBLIC",
"TITLE": "snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snapd",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.54.2"
}
]
}
}
]
},
"vendor_name": "Canonical Ltd."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ian Johnson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5292-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "https://bugs.launchpad.net/snapd/+bug/1949368",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/snapd/+bug/1949368"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
}
]
},
"source": {
"defect": [
"https://launchpad.net/bugs/1949368"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-4120",
"datePublished": "2022-02-17T22:15:21",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5138
Vulnerability from cvelistv5
Published
2024-05-31 21:02
Modified
2024-09-06 19:48
Severity ?
EPSS score ?
Summary
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | snapd |
Version: 0 < 68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/2065077"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapd",
"vendor": "canonical",
"versions": [
{
"lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5138",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T19:03:04.672013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:48:49.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rory McNamara from Snyk Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T01:17:51.897Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/snapd/+bug/2065077"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-5138",
"datePublished": "2024-05-31T21:02:19.979Z",
"dateReserved": "2024-05-19T22:29:02.330Z",
"dateUpdated": "2024-09-06T19:48:49.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}