CVE-2019-11502

Опубликовано: 24 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.

Ссылки

http://www.openwall.com/lists/oss-security/2019/04/25/7
Third Party Advisory
https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/04/18/4
Exploit
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/04/25/7
Third Party Advisory
https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/04/18/4
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

Версия до 2.38 (исключая)

EPSS

Процентиль: 69%

0.00604

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2019-11502

CVSS3: 7.5

ubuntu

почти 7 лет назад

CVE-2019-11502

CVSS3: 7.5

debian

почти 7 лет назад

snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...

GHSA-hhc7-jq5j-875q

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 69%

0.00604

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59