Description
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
Statement
This flaw requires a local user account to exploit. Since local users without root privileges are not supported on Red Hat CloudForms or on Red Hat Ansible Tower, this vulnerability is rated Low severity on these products. Future updates may address this vulnerability.
Mitigation
The default setting of fs.protected_symlinks = 1 prevents any Confidentiality or Integrity impact from exploiting this vulnerability, reducing its rating to Low severity (4.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
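An added host check for the two conditions named above (not part of the original advisory): it compares the installed bubblewrap version with 0.3.3 and reads fs.protected_symlinks. The function names are hypothetical, `bwrap --version` is assumed to print `bubblewrap X.Y.Z`, and a distribution package that carries a backported fix under an older version number will still be reported as vulnerable, so confirm against the vendor erratum.

```shell
#!/bin/sh
# Added example: classify a host against the advisory's version and sysctl conditions.
FIXED_VERSION="0.3.3"                          # first fixed upstream release, per the advisory
SYSCTL_FILE="/proc/sys/fs/protected_symlinks"  # kernel view of fs.protected_symlinks

# Succeeds when dotted version $1 is strictly older than $2.
# Assumes at most three numeric fields, each below 1000.
version_lt() {
    va=$1; vb=$2
    old_ifs=$IFS; IFS=.
    set -- $va; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $vb; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    [ $((a1 * 1000000 + a2 * 1000 + a3)) -lt $((b1 * 1000000 + b2 * 1000 + b3)) ]
}

# Extract "X.Y.Z" from version output such as "bubblewrap 0.3.1".
parse_bwrap_version() {
    printf '%s\n' "${1##* }"
}

# Classify from a bubblewrap version ($1) and the fs.protected_symlinks value ($2).
assess() {
    case "$1" in
        ""|*[!0-9.]*) echo "unknown"; return 0 ;;   # unparseable version string
    esac
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "fixed"
    elif [ "$2" = "1" ]; then
        echo "vulnerable-mitigated"     # advisory: availability impact only
    else
        echo "vulnerable-unmitigated"   # symlink protection off or unreadable
    fi
}

# Audit the local host using the real bwrap binary and sysctl file.
audit_host() {
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap-not-installed"; return 0; }
    ver=$(parse_bwrap_version "$(bwrap --version 2>/dev/null)")
    val=$(cat "$SYSCTL_FILE" 2>/dev/null || echo "unknown")
    assess "$ver" "$val"
}

audit_host
```
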
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Tower 3 | bubblewrap | Affected | | |
Red Hat Enterprise Linux 8 | bubblewrap | Affected | | |
CloudForms Management Engine 5.10 | ansible-runner | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | ansible-tower | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | bubblewrap | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | cfme | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | cfme-amazon-smartstate | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | cfme-appliance | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | cfme-gemset | Fixed | RHSA-2019:1833 | 24.07.2019 |
CloudForms Management Engine 5.10 | ovirt-ansible-hosted-engine-setup | Fixed | RHSA-2019:1833 | 24.07.2019 |
Additional information
CVSS3: 7 High