Описание
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2.29.4.2+17.10 |
| devel | released | 2.29.4.2+18.04 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.29.4.2~14.04]] |
| esm-infra/xenial | released | 2.29.4.2 |
| precise/esm | DNE | |
| trusty | released | 2.29.4.2~14.04 |
| trusty/esm | DNE | trusty was released [2.29.4.2~14.04] |
| upstream | released | 2.29.3 |
| xenial | released | 2.29.4.2 |
| zesty | released | 2.29.4.2+17.04 |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 78%
0.01172
Низкий
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
около 8 лет назад
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.
CVSS3: 7.5
debian
около 8 лет назад
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...
EPSS
Процентиль: 78%
0.01172
Низкий
5 Medium
CVSS2
7.5 High
CVSS3