Search criteria
51 vulnerabilities by Canonical Ltd.
CVE-2023-5616 (GCVE-0-2023-5616)
Vulnerability from cvelistv5 – Published: 2025-04-15 18:29 – Updated: 2025-04-15 20:51
VLAI?
Summary
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
Severity ?
4.9 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu's gnome-control-center |
Affected:
1:45 , < 1:45.0-1ubuntu3.1
(deb)
Affected: 1:44 , < 1:44.0-1ubuntu6.1 (deb) Affected: 1:41 , < 1:41.7-0ubuntu0.22.04.8 (deb) Affected: 1:3 , < 1:3.36.5-0ubuntu4.1 (deb) |
Credits
Zygmunt Krynicki
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-5616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T20:51:27.350779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:51:31.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "Ubuntu\u0027s gnome-control-center",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s gnome-control-center",
"repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1:45.0-1ubuntu3.1",
"status": "affected",
"version": "1:45",
"versionType": "deb"
},
{
"lessThan": "1:44.0-1ubuntu6.1",
"status": "affected",
"version": "1:44",
"versionType": "deb"
},
{
"lessThan": "1:41.7-0ubuntu0.22.04.8",
"status": "affected",
"version": "1:41",
"versionType": "deb"
},
{
"lessThan": "1:3.36.5-0ubuntu4.1",
"status": "affected",
"version": "1:3",
"versionType": "deb"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zygmunt Krynicki"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:29:54.565Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6554-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://ubuntu.com/security/CVE-2023-5616"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-5616",
"datePublished": "2025-04-15T18:29:54.565Z",
"dateReserved": "2023-10-17T15:39:21.769Z",
"dateUpdated": "2025-04-15T20:51:31.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0092 (GCVE-0-2023-0092)
Vulnerability from cvelistv5 – Published: 2025-01-31 01:41 – Updated: 2025-02-07 16:10
VLAI?
Summary
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
2.9.22 , < 2.9.38
(semver)
Affected: 3.0.0 , < 3.0.3 (semver) Affected: 2.9.38 , < 3.0.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:10:08.920084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:10:14.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.9.38",
"status": "affected",
"version": "2.9.22",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "2.9.38",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller\u0027s filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:41:46.439Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/advisories/GHSA-x5rv-w9pm-8qp8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-0092",
"datePublished": "2025-01-31T01:41:46.439Z",
"dateReserved": "2023-01-05T20:43:04.614Z",
"dateUpdated": "2025-02-07T16:10:14.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1736 (GCVE-0-2022-1736)
Vulnerability from cvelistv5 – Published: 2025-01-31 01:35 – Updated: 2025-02-07 16:07
VLAI?
Summary
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu's gnome-control-center |
Affected:
0 , < 42.1.1-2ubuntu1
(semver)
|
Credits
Jeremy Bícha
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:07:43.557407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:07:47.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "Ubuntu\u0027s gnome-control-center",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s gnome-control-center",
"repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "42.1.1-2ubuntu1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeremy B\u00edcha"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu\u0027s configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default."
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:35:46.759Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5430-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028"
},
{
"tags": [
"issue-tracking"
],
"url": "https://ubuntu.com/security/CVE-2022-1736"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-1736",
"datePublished": "2025-01-31T01:35:46.759Z",
"dateReserved": "2022-05-16T19:14:42.013Z",
"dateUpdated": "2025-02-07T16:07:47.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11936 (GCVE-0-2020-11936)
Vulnerability from cvelistv5 – Published: 2025-01-31 01:18 – Updated: 2025-02-07 16:08
VLAI?
Summary
gdbus setgid privilege escalation
Severity ?
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.20.11-0ubuntu27.6
(semver)
|
Credits
Ryota Shiga
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:58:53.328091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:08:28.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.20.11-0ubuntu27.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryota Shiga"
}
],
"descriptions": [
{
"lang": "en",
"value": "gdbus setgid privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:34:55.184Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11936"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11936",
"datePublished": "2025-01-31T01:18:21.509Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:08:28.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28653 (GCVE-0-2022-28653)
Vulnerability from cvelistv5 – Published: 2025-01-31 00:50 – Updated: 2025-02-07 15:56
VLAI?
Summary
Users can consume unlimited disk space in /var/crash
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:56:07.428006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:56:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Users can consume unlimited disk space in /var/crash"
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T00:50:49.677Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28653",
"datePublished": "2025-01-31T00:50:49.677Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-02-07T15:56:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6219 (GCVE-0-2024-6219)
Vulnerability from cvelistv5 – Published: 2024-12-05 23:13 – Updated: 2025-08-28 13:29
VLAI?
Summary
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Affected:
0 , < 5.21.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6219",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:39:00.858631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:29:18.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "5.21.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered in LXD\u0027s PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T23:13:19.635Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6219"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6219",
"datePublished": "2024-12-05T23:13:19.635Z",
"dateReserved": "2024-06-20T17:41:42.692Z",
"dateUpdated": "2025-08-28T13:29:18.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6156 (GCVE-0-2024-6156)
Vulnerability from cvelistv5 – Published: 2024-12-05 23:11 – Updated: 2025-03-18 15:58
VLAI?
Summary
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Affected:
4.0 , < 4.0.10
(semver)
Affected: 4.0 , < 5.0.4 (semver) Affected: 4.0 , < 5.21.2 (semver) Affected: 4.0 , < 6.1 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lxd",
"vendor": "canonical",
"versions": [
{
"lessThan": "5.21.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:39:16.738252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:58:10.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.0.4",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.21.2",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "6.1",
"status": "affected",
"version": "4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered that LXD\u0027s PKI mode, until version 5.21.2, could be bypassed if the client\u0027s certificate was present in the trust store."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:07:48.004Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6156"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6156",
"datePublished": "2024-12-05T23:11:04.815Z",
"dateReserved": "2024-06-18T22:34:39.949Z",
"dateUpdated": "2025-03-18T15:58:10.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11586 (GCVE-0-2024-11586)
Vulnerability from cvelistv5 – Published: 2024-11-23 02:05 – Updated: 2024-11-25 17:32
VLAI?
Summary
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
Severity ?
4 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu's pulseaudio |
Affected:
0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:32:19.469940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:32:23.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "pulseaudio",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s pulseaudio",
"repo": "https://launchpad.net/ubuntu/+source/pulseaudio",
"vendor": "Canonical Ltd.",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu\u0027s implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T02:05:58.503Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11586"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-11586",
"datePublished": "2024-11-23T02:05:58.503Z",
"dateReserved": "2024-11-20T23:26:19.179Z",
"dateUpdated": "2024-11-25T17:32:23.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9312 (GCVE-0-2024-9312)
Vulnerability from cvelistv5 – Published: 2024-10-10 13:42 – Updated: 2024-10-10 14:55
VLAI?
Summary
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Authd |
Affected:
0 , < 0.3.6
(semver)
|
Credits
nicoo
Michael Gebetsroither
Jamie Bliss
Adrian Dombeck
Mark Esler
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubuntu:authd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "authd",
"vendor": "ubuntu",
"versions": [
{
"lessThan": "0.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:53:16.310907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:55:40.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "authd",
"platforms": [
"Linux"
],
"product": "Authd",
"repo": "https://github.com/ubuntu/authd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "0.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "nicoo"
},
{
"lang": "en",
"type": "analyst",
"value": "Michael Gebetsroither"
},
{
"lang": "en",
"type": "analyst",
"value": "Jamie Bliss"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Adrian Dombeck"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user\u0027s ID and gain their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-286",
"description": "CWE-286",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:42:31.950Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9312"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-9312",
"datePublished": "2024-10-10T13:42:31.950Z",
"dateReserved": "2024-09-27T23:20:44.757Z",
"dateUpdated": "2024-10-10T14:55:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9313 (GCVE-0-2024-9313)
Vulnerability from cvelistv5 – Published: 2024-10-03 11:04 – Updated: 2024-11-22 19:03
VLAI?
Summary
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
Severity ?
8.8 (High)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Authd |
Affected:
0 , < 0.3.5
(semver)
|
Credits
Marco Trevisan
Didier Roche-Tolomelli
Mark Esler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:20:32.733162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T19:03:50.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "authd",
"platforms": [
"Linux"
],
"product": "Authd",
"repo": "https://github.com/ubuntu/authd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "0.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Didier Roche-Tolomelli"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T11:04:00.474Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-9313",
"datePublished": "2024-10-03T11:04:00.474Z",
"dateReserved": "2024-09-27T23:20:52.963Z",
"dateUpdated": "2024-11-22T19:03:50.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8038 (GCVE-0-2024-8038)
Vulnerability from cvelistv5 – Published: 2024-10-02 10:12 – Updated: 2024-10-02 13:53
VLAI?
Summary
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
Severity ?
7.9 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
3.5 , < 3.5.4
(semver)
Affected: 3.4 , < 3.4.6 (semver) Affected: 3.3 , < 3.3.7 (semver) Affected: 3.1 , < 3.1.10 (semver) Affected: 2.9 , < 2.9.51 (semver) |
Credits
Harry Pidcock
Harry Pidcock
Mark Esler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:52:58.112532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:53:24.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:12:38.806Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8038"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8038",
"datePublished": "2024-10-02T10:12:38.806Z",
"dateReserved": "2024-08-21T01:05:01.458Z",
"dateUpdated": "2024-10-02T13:53:24.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8037 (GCVE-0-2024-8037)
Vulnerability from cvelistv5 – Published: 2024-10-02 10:12 – Updated: 2024-11-01 15:31
VLAI?
Summary
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
Severity ?
6.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
3.5 , < 3.5.4
(semver)
Affected: 3.4 , < 3.4.6 (semver) Affected: 3.3 , < 3.3.7 (semver) Affected: 3.1 , < 3.1.10 (semver) Affected: 2.9 , < 2.9.51 (semver) |
Credits
Pedro Guimaraes
Harry Pidcock
Mark Esler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:56:28.477251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:31:40.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Guimaraes"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:12:32.318Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8037"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8037",
"datePublished": "2024-10-02T10:12:32.318Z",
"dateReserved": "2024-08-21T00:45:34.399Z",
"dateUpdated": "2024-11-01T15:31:40.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7558 (GCVE-0-2024-7558)
Vulnerability from cvelistv5 – Published: 2024-10-02 10:06 – Updated: 2024-10-02 13:59
VLAI?
Summary
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
3.5 , < 3.5.4
(semver)
Affected: 3.4 , < 3.4.6 (semver) Affected: 3.3 , < 3.3.7 (semver) Affected: 3.1 , < 3.1.10 (semver) Affected: 2.9 , < 2.9.51 (semver) |
Credits
Harry Pidcock
Harry Pidcock
Mark Esler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:58:28.823188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:59:04.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340: Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:06:31.098Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7558"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-7558",
"datePublished": "2024-10-02T10:06:31.098Z",
"dateReserved": "2024-08-06T13:45:13.579Z",
"dateUpdated": "2024-10-02T13:59:04.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8287 (GCVE-0-2024-8287)
Vulnerability from cvelistv5 – Published: 2024-09-18 18:35 – Updated: 2024-09-19 20:25
VLAI?
Summary
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Anbox Cloud |
Affected:
1.17.0 , < 1.23.1
(semver)
|
Credits
Simon Fels
Simon Fels
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:anbox_cloud:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anbox_cloud",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.17.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T20:23:48.348893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T20:25:24.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "anbox",
"platforms": [
"Linux"
],
"product": "Anbox Cloud",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.17.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simon Fels"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Simon Fels"
}
],
"descriptions": [
{
"lang": "en",
"value": "Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:52:28.961Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/anbox-cloud/+bug/2077570"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8287"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8287",
"datePublished": "2024-09-18T18:35:25.803Z",
"dateReserved": "2024-08-28T19:43:49.942Z",
"dateUpdated": "2024-09-19T20:25:24.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5290 (GCVE-0-2024-5290)
Vulnerability from cvelistv5 – Published: 2024-08-07 08:14 – Updated: 2024-09-18 15:39
VLAI?
Summary
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Severity ?
8.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | wpa_supplicant |
Affected:
2:2.10-15 , < 2:2.10-21ubuntu0.1
(semver)
Affected: 2:2.9.0-21build1 , < 2:2.10-6ubuntu2.1 (semver) Affected: 2:2.9-1ubuntu2 , < 2:2.9-1ubuntu4.4 (semver) Affected: 2.4-0ubuntu10 , < 2:2.6-15ubuntu2.8+esm1 (semver) Affected: 2.4-0ubuntu3 , < 2.4-0ubuntu6.8+esm1 (semver) Affected: 2.1-0ubuntu1 , < 2.1-0ubuntu1.7+esm5 (semver) |
Credits
Rory McNamara
Marc Deslauriers
Sudhakar Verma
Mark Esler
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wpa_supplicant",
"vendor": "w1.fi",
"versions": [
{
"lessThan": "2:2.10-21ubuntu0.1",
"status": "affected",
"version": "2:2.10-15",
"versionType": "semver"
},
{
"lessThan": "2:2.10-6ubuntu2.1",
"status": "affected",
"version": "2:2.9.0-21build1",
"versionType": "semver"
},
{
"lessThan": "2:2.9-1ubuntu4.4",
"status": "affected",
"version": "2:2.9-1ubuntu2",
"versionType": "semver"
},
{
"lessThan": "2:2.6-15ubuntu2.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu10",
"versionType": "semver"
},
{
"lessThan": "2.4-0ubuntu6.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu3",
"versionType": "semver"
},
{
"lessThan": "2.1-0ubuntu1.7+esm5",
"status": "affected",
"version": "2.1-0ubuntu1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5290",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:37:32.036314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:39:53.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"runtime API to load OpenSC module or PKCS11 engine or module"
],
"packageName": "wpa",
"platforms": [
"Linux"
],
"product": "wpa_supplicant",
"programFiles": [
"src/crypto/tls_openssl.c"
],
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2:2.10-21ubuntu0.1",
"status": "affected",
"version": "2:2.10-15",
"versionType": "semver"
},
{
"lessThan": "2:2.10-6ubuntu2.1",
"status": "affected",
"version": "2:2.9.0-21build1",
"versionType": "semver"
},
{
"lessThan": "2:2.9-1ubuntu4.4",
"status": "affected",
"version": "2:2.9-1ubuntu2",
"versionType": "semver"
},
{
"lessThan": "2:2.6-15ubuntu2.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu10",
"versionType": "semver"
},
{
"lessThan": "2.4-0ubuntu6.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu3",
"versionType": "semver"
},
{
"lessThan": "2.1-0ubuntu1.7+esm5",
"status": "affected",
"version": "2.1-0ubuntu1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rory McNamara"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marc Deslauriers"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sudhakar Verma"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\n\n\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist."
}
],
"impacts": [
{
"capecId": "CAPEC-641",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-641 DLL Side-Loading"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:45:47.115Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613"
},
{
"url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/"
},
{
"url": "https://ubuntu.com/security/notices/USN-6945-1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-5290",
"datePublished": "2024-08-07T08:14:08.153Z",
"dateReserved": "2024-05-23T21:10:21.160Z",
"dateUpdated": "2024-09-18T15:39:53.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6984 (GCVE-0-2024-6984)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:04 – Updated: 2024-08-01 21:45
VLAI?
Summary
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
Severity ?
8.8 (High)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
3.5 , < 3.5.3
(semver)
Affected: 3.4 , < 3.4.5 (semver) Affected: 3.3 , < 3.3.5 (semver) Affected: 3.1 , < 3.1.9 (semver) Affected: 2.9 , < 2.9.50 (semver) |
Credits
Pedro Valverde Guimaraes
Joe Phillips
Mark Esler
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "juju",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.9.50",
"status": "affected",
"version": "2.9",
"versionType": "semver"
},
{
"lessThan": "3.1.9",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:37:36.928450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:41:50.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:45:38.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "juju",
"platforms": [
"Linux",
"MacOS",
"Windows"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.9",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.50",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Valverde Guimaraes"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Joe Phillips"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:04:05.925Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6984"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6984",
"datePublished": "2024-07-29T14:04:05.925Z",
"dateReserved": "2024-07-22T21:29:24.954Z",
"dateUpdated": "2024-08-01T21:45:38.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6714 (GCVE-0-2024-6714)
Vulnerability from cvelistv5 – Published: 2024-07-23 15:46 – Updated: 2024-08-01 21:41
VLAI?
Summary
An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu Desktop Provision |
Affected:
0 , < 0.1.5
(semver)
|
Credits
James Henstridge
Matthew Gary Hagemann
Luci Stanescu
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:ubuntu_desktop_provision:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_desktop_provision",
"vendor": "canonical",
"versions": [
{
"lessThan": "0.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T19:00:37.866400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:04:10.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "provd",
"platforms": [
"Linux"
],
"product": "Ubuntu Desktop Provision",
"repo": "https://github.com/canonical/ubuntu-desktop-provision",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "0.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Henstridge"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matthew Gary Hagemann"
},
{
"lang": "en",
"type": "coordinator",
"value": "Luci Stanescu"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T15:46:58.102Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6714"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6714",
"datePublished": "2024-07-23T15:46:58.102Z",
"dateReserved": "2024-07-12T14:11:48.205Z",
"dateUpdated": "2024-08-01T21:41:04.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6388 (GCVE-0-2024-6388)
Vulnerability from cvelistv5 – Published: 2024-06-27 15:39 – Updated: 2024-08-01 21:41
VLAI?
Summary
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
Severity ?
5.9 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu Advantage Desktop Pro |
Affected:
0 , < 1.12
(semver)
|
Credits
Marco Trevisan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_advantage_desktop_pro",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6388",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T18:48:51.687477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:25:45.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "ubuntu-advantage-desktop-daemon",
"platforms": [
"Linux"
],
"product": "Ubuntu Advantage Desktop Pro",
"repo": "https://github.com/canonical/ubuntu-advantage-desktop-daemon",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T15:39:04.168Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6388",
"datePublished": "2024-06-27T15:39:04.168Z",
"dateReserved": "2024-06-27T14:21:13.801Z",
"dateUpdated": "2024-08-01T21:41:03.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27352 (GCVE-0-2020-27352)
Vulnerability from cvelistv5 – Published: 2024-06-21 20:06 – Updated: 2024-08-04 16:11
VLAI?
Summary
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
Severity ?
9.3 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | snapd |
Affected:
0 , < 2.48.3
(semver)
|
Credits
Gilad Reti
Nimrod Stoler
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapd",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.48.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-27352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:14:07.392127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:56:52.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.48.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gilad Reti"
},
{
"lang": "en",
"type": "finder",
"value": "Nimrod Stoler"
}
],
"descriptions": [
{
"lang": "en",
"value": "When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T20:06:37.992Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27352",
"datePublished": "2024-06-21T20:06:37.992Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:11:36.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4968 (GCVE-0-2022-4968)
Vulnerability from cvelistv5 – Published: 2024-06-07 00:14 – Updated: 2024-08-03 01:55
VLAI?
Summary
netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Netplan |
Affected:
0 , ≤ 1.0
(semver)
|
Credits
Andreas Hasenack
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:32:34.883777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:32:45.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/netplan/+bug/1987842"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "netplan.io",
"platforms": [
"Linux"
],
"product": "Netplan",
"repo": "https://github.com/canonical/netplan",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andreas Hasenack"
}
],
"descriptions": [
{
"lang": "en",
"value": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:30:24.017Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/netplan/+bug/1987842"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-4968",
"datePublished": "2024-06-07T00:14:22.528Z",
"dateReserved": "2024-05-23T21:59:38.511Z",
"dateUpdated": "2024-08-03T01:55:46.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28658 (GCVE-0-2022-28658)
Vulnerability from cvelistv5 – Published: 2024-06-04 22:03 – Updated: 2024-10-27 14:58
VLAI?
Summary
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
Severity ?
5.5 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:49:23.848642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T14:58:19.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:03:53.633Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28658",
"datePublished": "2024-06-04T22:03:53.633Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-10-27T14:58:19.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28657 (GCVE-0-2022-28657)
Vulnerability from cvelistv5 – Published: 2024-06-04 22:02 – Updated: 2024-08-03 05:56
VLAI?
Summary
Apport does not disable python crash handler before entering chroot
Severity ?
7.8 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T16:10:45.492438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T16:14:22.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport does not disable python crash handler before entering chroot"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:02:26.017Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28657",
"datePublished": "2024-06-04T22:02:26.017Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-08-03T05:56:16.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28656 (GCVE-0-2022-28656)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:58 – Updated: 2025-03-19 17:42
VLAI?
Summary
is_closing_session() allows users to consume RAM in the Apport process
Severity ?
5.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T15:36:41.217327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:42:19.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to consume RAM in the Apport process"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:58:44.839Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28656",
"datePublished": "2024-06-04T21:58:44.839Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-03-19T17:42:19.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28655 (GCVE-0-2022-28655)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:56 – Updated: 2024-10-27 17:49
VLAI?
Summary
is_closing_session() allows users to create arbitrary tcp dbus connections
Severity ?
7.1 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:08:24.480412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:49:04.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to create arbitrary tcp dbus connections"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:56:50.616Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28655",
"datePublished": "2024-06-04T21:56:50.616Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:49:04.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28654 (GCVE-0-2022-28654)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:54 – Updated: 2024-10-27 17:48
VLAI?
Summary
is_closing_session() allows users to fill up apport.log
Severity ?
5.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:34:31.535447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:48:06.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to fill up apport.log"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:54:37.199Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28654",
"datePublished": "2024-06-04T21:54:37.199Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:48:06.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28652 (GCVE-0-2022-28652)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:38 – Updated: 2025-03-13 18:21
VLAI?
Summary
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
Severity ?
5.5 (Medium)
CWE
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:47:40.492996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T18:21:18.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "~/.config/apport/settings parsing is vulnerable to \"billion laughs\" attack"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:38:44.324Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28652",
"datePublished": "2024-06-04T21:38:44.324Z",
"dateReserved": "2022-04-05T02:16:30.818Z",
"dateUpdated": "2025-03-13T18:21:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1242 (GCVE-0-2022-1242)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:48 – Updated: 2025-03-27 19:31
VLAI?
Summary
Apport can be tricked into connecting to arbitrary sockets as the root user
Severity ?
7.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T20:28:52.542056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:31:12.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport can be tricked into connecting to arbitrary sockets as the root user"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:48:02.281Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-1242",
"datePublished": "2024-06-03T18:48:02.281Z",
"dateReserved": "2022-04-05T14:45:10.551Z",
"dateUpdated": "2025-03-27T19:31:12.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3899 (GCVE-0-2021-3899)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:40 – Updated: 2024-08-19 14:10
VLAI?
Summary
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
Severity ?
7.8 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Muqing Liu from Singurlar Security Lab
neoni
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "apport",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T14:09:25.391252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:10:41.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muqing Liu from Singurlar Security Lab"
},
{
"lang": "en",
"type": "finder",
"value": "neoni"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a race condition in the \u0027replaced executable\u0027 detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:40:32.847Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3899",
"datePublished": "2024-06-03T18:40:32.847Z",
"dateReserved": "2021-10-23T01:51:35.297Z",
"dateUpdated": "2024-08-19T14:10:41.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0555 (GCVE-0-2022-0555)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
VLAI?
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
Severity ?
8.4 (High)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , < 22.02.1
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "subiquity",
"vendor": "canonical",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:41:55.971187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:51:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:17:35.956Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-0555",
"datePublished": "2024-06-03T18:17:35.956Z",
"dateReserved": "2022-02-10T02:44:55.484Z",
"dateUpdated": "2024-08-02T23:32:46.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5138 (GCVE-0-2024-5138)
Vulnerability from cvelistv5 – Published: 2024-05-31 21:02 – Updated: 2024-09-06 19:48
VLAI?
Summary
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
Severity ?
8.1 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | snapd |
Affected:
0 , < 68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
(custom)
|
Credits
Rory McNamara from Snyk Security Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/2065077"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapd",
"vendor": "canonical",
"versions": [
{
"lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5138",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T19:03:04.672013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:48:49.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rory McNamara from Snyk Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T01:17:51.897Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/snapd/+bug/2065077"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-5138",
"datePublished": "2024-05-31T21:02:19.979Z",
"dateReserved": "2024-05-19T22:29:02.330Z",
"dateUpdated": "2024-09-06T19:48:49.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}