CVE-2019-11503

Опубликовано: 24 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."

Ссылки

http://www.openwall.com/lists/oss-security/2019/04/25/7
Third Party Advisory
https://github.com/snapcore/snapd/pull/6642
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VACEKVQ7UAZ32WO4ZKCFW6YOBSYJ76L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPU6APEZHAA7N2AI57OT4J2P7NKHFOLM/
https://www.openwall.com/lists/oss-security/2019/04/18/4
Exploit
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/04/25/7
Third Party Advisory
https://github.com/snapcore/snapd/pull/6642
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VACEKVQ7UAZ32WO4ZKCFW6YOBSYJ76L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPU6APEZHAA7N2AI57OT4J2P7NKHFOLM/
https://www.openwall.com/lists/oss-security/2019/04/18/4
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

Версия до 2.39 (исключая)

EPSS

Процентиль: 64%

0.00475

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2019-11503

CVSS3: 7.5

ubuntu

почти 7 лет назад

CVE-2019-11503

CVSS3: 7.5

debian

почти 7 лет назад

snap-confine as included in snapd before 2.39 did not guard against sy ...

GHSA-w39p-qmcm-pxpm

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 64%

0.00475

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59