Описание
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
Ссылки
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does no ...
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
EPSS
8.8 High
CVSS3
4.6 Medium
CVSS2