Описание
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.1+17.10ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | ignored | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 1.1 |
| vivid/ubuntu-core | DNE | |
| xenial | ignored | |
| yakkety | released | 1.0+16.10ubuntu1.1 |
Показывать по
EPSS
4.6 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
EPSS
4.6 Medium
CVSS2
5.9 Medium
CVSS3