Security
Headlines

Headlines Latest CVEs

Headline

GHSA-4mh8-9689-38vr: snapd failed to restrict writes to the $HOME/bin path

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the ‘home’ plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.

2 months ago

#vulnerability #ubuntu #git

GitHub Advisory Database
GitHub Reviewed
CVE-2024-1724

snapd failed to restrict writes to the $HOME/bin path

Moderate severity GitHub Reviewed Published Jul 25, 2024 to the GitHub Advisory Database • Updated Jul 26, 2024

Package

gomod github.com/snapcore/snapd (Go)

Published to the GitHub Advisory Database

Jul 25, 2024

Last updated

Jul 26, 2024

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

2 days ago

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

2 days ago

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

2 days ago

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

2 days ago

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

2 days ago