CVE-2021-3155

Published: Feb 17, 2022

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

3.8

LOW

Description

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Vendor	Product	Versions
Canonical Ltd.	snapd	affected `unspecified - <= 2.54.2`

Weaknesses (CWE)

CWE-276

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://ubuntu.com/security/notices/USN-5292-1

x_refsource_MISC

https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85

x_refsource_MISC

https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-3155

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References