CVE-2017-5940
published 2017-02-09

Priority: P3, 37 | high | 8.8 (CVSS 3.0)
AV:L / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
EPSS: 0.36% (27.9th percentile)

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | firejail | < firejail 0.9.44.6-1 (bookworm) | firejail 0.9.44.6-1 (bookworm)
firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1
firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1
firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1
firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1
firejail_project | firejail | 0.9.38 – 0.9.38.10 |
firejail_project | firejail | 0.9.40 – 0.9.44.6 |

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P
osv | | 8.8 | HIGH |
vendor_debian | | 8.8 | HIGH |