
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jul 2024 — In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out... • https://github.com/snapcore/snapd/pull/13682 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jul 2024 — In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinite... • https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 • CWE-20: Improper Input Validation •

CVSS: 10.0 • EPSS: 0% • CPEs: 7 • EXPL: 1

31 May 2023 — Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 2

01 Dec 2022 — Race condition in snap-confine's must_mkdir_and_open_with_perms(). The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing the private /tmp mount for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. • https://packetstorm.news/files/id/170176 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.2 • EPSS: 0% • CPEs: 6 • EXPL: 2

17 Feb 2022 — snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1. • http://www.openwall.com/lists/oss-security/2022/02/18/2 • CWE-20: Improper Input Validation •

CVSS: 8.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

17 Feb 2022 — snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1. • http://www.openwall.com/lists/oss-security/2022/02/18/2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Feb 2022 — snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1. • https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 6

17 Feb 2022 — A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1. • https://packetstorm.news/files/id/170176 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Feb 2021 — When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. • https://bugs.launchpad.net/snapd/+bug/1910456 • CWE-269: Improper Privilege Management •

CVSS: 7.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

15 Jul 2020 — cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. • https://launchpad.net/bugs/1879530 • CWE-264: Permissions, Privileges, and Access Controls •