Количество 6
Количество 6

CVE-2024-29069
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.

CVE-2024-29069
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.
CVE-2024-29069
In snapd versions prior to 2.62, snapd failed to properly check the de ...
GHSA-69p6-gp5x-j269
snapd failed to properly check the destination of symbolic links when extracting a snap

BDU:2024-06997
Уязвимость утилиты для управления самодостаточными пакетами snapd, связанная с неправильным разрешением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальной информации

ROS-20240910-07
Множественные уязвимости snapd
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
---|---|---|---|---|
![]() | CVE-2024-29069 In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information. | CVSS3: 4.8 | 0% Низкий | 11 месяцев назад |
![]() | CVE-2024-29069 In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information. | CVSS3: 4.8 | 0% Низкий | 11 месяцев назад |
CVE-2024-29069 In snapd versions prior to 2.62, snapd failed to properly check the de ... | CVSS3: 4.8 | 0% Низкий | 11 месяцев назад | |
GHSA-69p6-gp5x-j269 snapd failed to properly check the destination of symbolic links when extracting a snap | CVSS3: 4.8 | 0% Низкий | 11 месяцев назад | |
![]() | BDU:2024-06997 Уязвимость утилиты для управления самодостаточными пакетами snapd, связанная с неправильным разрешением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 7.3 | 0% Низкий | 11 месяцев назад |
![]() | ROS-20240910-07 Множественные уязвимости snapd | CVSS3: 8.1 | 10 месяцев назад |
Уязвимостей на страницу