Medium severity5.9NVD Advisory· Published Jul 11, 2017· Updated Jun 17, 2026
CVE-2017-10600
CVE-2017-10600
Description
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:canonical:ubuntu-image:1.0:2017-07-06:*:*:*:*:*:*
- Range: <2017-07-07
Patches
Vulnerability mechanics
References
1- forum.snapcraft.io/t/ownership-bug-in-ubuntu-image/1285nvdThird Party Advisory
News mentions
0No linked articles in our index yet.