Go modules package
github.com/snapcore/snapd
pkg:golang/github.com/snapcore/snapd
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29069 | — | | | < 2.62 | 2.62 | Jul 25, 2024 | In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image ( |
| CVE-2024-29068 | — | | | < 2.62 | 2.62 | Jul 25, 2024 | In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs |
| CVE-2024-1724 | — | | | < 2.62 | 2.62 | Jul 25, 2024 | In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could convince a user to install a m |
| CVE-2024-5138 | — | | | >= 2.51.6, < 2.63.1 | 2.63.1 | May 31, 2024 | The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised ac |
| CVE-2022-3328 | — | | | < 2.57.6 | 2.57.6 | Jan 8, 2024 | Race condition in snap-confine's must_mkdir_and_open_with_perms() |