Описание
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.34.2+18.04.1 |
| cosmic | released | 2.35.5+18.10.1 |
| devel | not-affected | 2.37.2+19.04 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.34.2~14.04.1]] |
| esm-infra/bionic | released | 2.34.2+18.04.1 |
| esm-infra/xenial | released | 2.34.2ubuntu0.1 |
| precise/esm | DNE | |
| trusty | released | 2.34.2~14.04.1 |
| trusty/esm | DNE | trusty was released [2.34.2~14.04.1] |
| upstream | released | 2.37.1-1 |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Canonical snapd before version 2.37.1 incorrectly performed socket own ...
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Уязвимость утилиты для управления самодостаточными пакетами snapd, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3