Описание
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.21.0+ds-1ubuntu7 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| questing | needs-triage | |
| upstream | released | 1.20.4+ds-1 |
Показывать по
Ссылки на источники
2.9 Low
CVSS3
Связанные уязвимости
A flaw was found in Flatpak xdg-desktop-portal. A malicious Flatpak application can exploit this vulnerability by performing a symbolic link (symlink) attack on the `g_file_trash` function. This allows the Flatpak application to delete any file on the host system, leading to a denial of service.
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allo ...
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
2.9 Low
CVSS3