Описание
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.1.1 (включая)
cpe:2.3:a:bubblewrap_project:bubblewrap:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 7
ubuntu
почти 9 лет назад
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
CVSS3: 7
debian
почти 9 лет назад
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might all ...
CVSS3: 7
github
больше 3 лет назад
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
EPSS
Процентиль: 20%
0.00064
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-264