CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42472 – Flatpak may allow access to files outside sandbox for certain apps
https://notcve.org/view.php?id=CVE-2024-42472
15 Aug 2024 — Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to th... • https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32462 – Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
https://notcve.org/view.php?id=CVE-2024-32462
18 Apr 2024 — Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to p... • http://www.openwall.com/lists/oss-security/2024/04/18/5 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28101 – Flatpak metadata with ANSI control codes can cause misleading terminal output
https://notcve.org/view.php?id=CVE-2023-28101
16 Mar 2023 — Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI ... • https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28100 – TIOCLINUX can send commands outside sandbox if running on a virtual console
https://notcve.org/view.php?id=CVE-2023-28100
16 Mar 2023 — Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical termi... • https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 • CWE-20: Improper Input Validation •