Описание
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingPatch
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.27 (включая) до 2.29.2 (включая)
cpe:2.3:a:snapcraft:snapd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01172
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-755
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 8 лет назад
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.
CVSS3: 7.5
debian
около 8 лет назад
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...
EPSS
Процентиль: 78%
0.01172
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-755