CVE-2019-11503
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
snap-confine, como se incluía en snap antes de la versión 2.39, no protegía contra condiciones de carrera en enlaces simbólicos al realizar el chdir() al directorio de trabajo actual del usuario que realiza la llamada, también conocido como "cwd restore permission bypass".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-04-24 CVE Reserved
- 2019-04-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/04/25/7 | Mailing List |
|
| https://github.com/snapcore/snapd/pull/6642 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2019/04/18/4 | 2024-08-04 |
| URL | Date | SRC |
|---|