VYPR

Snapd

by Canonical

Source repositories

CVEs (11)

  • CVE-2019-7304CriApr 23, 2019
    risk 0.65cvss 9.8epss 0.61

    Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

  • CVE-2021-4120HigFeb 17, 2022
    risk 0.53cvss 8.2epss 0.00

    snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in…

  • CVE-2021-44731HigFeb 17, 2022
    risk 0.51cvss 7.8epss 0.01

    A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine…

  • CVE-2020-11933HigJul 29, 2020
    risk 0.47cvss 7.3epss 0.00

    cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass…

  • CVE-2019-7303HigApr 23, 2019
    risk 0.45cvss 7.5epss 0.04

    A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel…

  • CVE-2020-11934MedJul 29, 2020
    risk 0.38cvss 5.9epss 0.00

    It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious…

  • CVE-2024-1724MedJul 25, 2024
    risk 0.34cvss 6.3epss 0.00

    In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a…

  • CVE-2024-29068MedJul 25, 2024
    risk 0.31cvss 5.8epss 0.00

    In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap…

  • CVE-2024-29069MedJul 25, 2024
    risk 0.24cvss 4.8epss 0.00

    In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image…

  • CVE-2019-11502HigApr 24, 2019
    risk 0.00cvss 7.5epss 0.02

    snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.

  • CVE-2017-14178HigFeb 2, 2018
    risk 0.00cvss 7.5epss 0.02

    In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.