Medium severity5.9NVD Advisory· Published Jul 11, 2017· Updated May 13, 2026

CVE-2017-10600

Description

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.

Affected products

Canonical (company)/Ubuntu Image
cpe:2.3:a:canonical:ubuntu-image:1.0:2017-07-06:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.snapcraft.io/t/ownership-bug-in-ubuntu-image/1285nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000