Описание
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
This flaw appears to impact systems in special cases involving installing flatpak applications and runtimes system-wide. Installation of flatpak applications and runtimes locally should not be impacted.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | flatpak | Not affected | ||
| Red Hat Enterprise Linux 7 | flatpak | Fixed | RHSA-2019:0375 | 19.02.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.7 High
CVSS3
Связанные уязвимости
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc ...
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
EPSS
7.7 High
CVSS3