cve-2024-5138
Vulnerability from cvelistv5
Published
2024-05-31 21:02
Modified
2024-09-06 19:48
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
References
security@ubuntu.comhttps://bugs.launchpad.net/snapd/+bug/2065077
security@ubuntu.comhttps://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
security@ubuntu.comhttps://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
security@ubuntu.comhttps://www.cve.org/CVERecord?id=CVE-2024-5138
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/snapd/+bug/2065077
af854a3a-2127-422b-91ae-364da2661108https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
af854a3a-2127-422b-91ae-364da2661108https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
af854a3a-2127-422b-91ae-364da2661108https://www.cve.org/CVERecord?id=CVE-2024-5138
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.778Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/snapd/+bug/2065077"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapd",
            "vendor": "canonical",
            "versions": [
              {
                "lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
                "status": "affected",
                "version": "0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-5138",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T19:03:04.672013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T19:48:49.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "snapd",
          "platforms": [
            "Linux"
          ],
          "product": "snapd",
          "repo": "https://github.com/snapcore/snapd",
          "vendor": "Canonical Ltd.",
          "versions": [
            {
              "lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rory McNamara from Snyk Security Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T01:17:51.897Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugs.launchpad.net/snapd/+bug/2065077"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-5138",
    "datePublished": "2024-05-31T21:02:19.979Z",
    "dateReserved": "2024-05-19T22:29:02.330Z",
    "dateUpdated": "2024-09-06T19:48:49.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-5138\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2024-05-31T21:15:09.930\",\"lastModified\":\"2024-11-21T09:47:03.263\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.\"},{\"lang\":\"es\",\"value\":\"El componente snapctl dentro de snapd permite que un complemento confinado interact\u00fae con el daemon snapd para realizar ciertas acciones privilegiadas en nombre del complemento. Se descubri\u00f3 que snapctl no analizaba adecuadamente los argumentos de la l\u00ednea de comandos, lo que permit\u00eda a un usuario sin privilegios activar una acci\u00f3n autorizada en nombre del complemento que normalmente requerir\u00eda privilegios de administrador para realizarse. Esto posiblemente podr\u00eda permitir que un usuario sin privilegios realice una denegaci\u00f3n de servicio o algo similar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://bugs.launchpad.net/snapd/+bug/2065077\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2024-5138\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://bugs.launchpad.net/snapd/+bug/2065077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2024-5138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.