Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-13753

Опубликовано: 10 июл. 2020
Источник: redhat
CVSS3: 10
EPSS Низкий

Описание

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal’s input buffer, similar to CVE-2017-5226. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkNot affected
Red Hat Enterprise Linux 7webkitgtk3Not affected
Red Hat Enterprise Linux 8webkit2gtk3Not affected
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-284->CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=1879570webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl

EPSS

Процентиль: 79%
0.01219
Низкий

10 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-13753

CVSS3: 10
ubuntu
больше 5 лет назад

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

nvd логотип

CVE-2020-13753

CVSS3: 10
nvd
больше 5 лет назад

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

debian логотип

CVE-2020-13753

CVSS3: 10
debian
больше 5 лет назад

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, f ...

github логотип

GHSA-7vvx-4whv-jg73

CVSS3: 10
github
больше 3 лет назад

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

suse-cvrf логотип

openSUSE-SU-2020:1064-1

suse-cvrf
больше 5 лет назад

Security update for webkit2gtk3

EPSS

Процентиль: 79%
0.01219
Низкий

10 Critical

CVSS3