Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2021-01908

Опубликовано: 02 мар. 2021
Источник: fstec
CVSS3: 9.3
CVSS2: 5.8
EPSS Низкий

Описание

Уязвимость опции file forwarding инструмента для управления приложениями и средами Flatpak связана с неверной нейтрализация особых элементов в выходных данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным и нарушить их целостность

Вендор

Red Hat Inc.
Сообщество свободного программного обеспечения
Fedora Project

Наименование ПО

Red Hat Enterprise Linux
Debian GNU/Linux
Fedora
Flatpak

Версия ПО

7 (Red Hat Enterprise Linux)
9 (Debian GNU/Linux)
8 (Red Hat Enterprise Linux)
10 (Debian GNU/Linux)
33 (Fedora)
34 (Fedora)
от 0.9.4 до 1.10.2 (Flatpak)

Тип ПО

Операционная система
ПО виртуализации/ПО виртуального программно-аппаратного средства

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 7
Сообщество свободного программного обеспечения Debian GNU/Linux 9
Red Hat Inc. Red Hat Enterprise Linux 8
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Fedora Project Fedora 33
Fedora Project Fedora 34

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 5,8)
Критический уровень опасности (базовая оценка CVSS 3.0 составляет 9,3)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для Flatpak:
Обновление программного обеспечения до 1.10.2-1 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета flatpak) до 0.8.9-0+deb9u2 или более поздней версии
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MXXLXC2DPJ45HSMTI5MZYHMYEGQN6AA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXNVFOIB6ZP4DGOVKAM25T6OIEP3YLGV/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2021-21381

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует в открытом доступе

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 31%
0.00118
Низкий

9.3 Critical

CVSS3

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2021-21381

CVSS3: 7.1
ubuntu
почти 5 лет назад

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted s...

redhat логотип

CVE-2021-21381

CVSS3: 8.1
redhat
почти 5 лет назад

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted s...

nvd логотип

CVE-2021-21381

CVSS3: 7.1
nvd
почти 5 лет назад

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sour

debian логотип

CVE-2021-21381

CVSS3: 7.1
debian
почти 5 лет назад

Flatpak is a system for building, distributing, and running sandboxed ...

oracle-oval логотип

ELSA-2021-1068

oracle-oval
почти 5 лет назад

ELSA-2021-1068: flatpak security update (IMPORTANT)

EPSS

Процентиль: 31%
0.00118
Низкий

9.3 Critical

CVSS3

5.8 Medium

CVSS2