CVE-2019-12589 — Incorrect Permission Assignment in Project Firejail

CWE-732 — Incorrect Permission Assignment7 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 76.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firejail Project Firejail

Timeline

PublishedJun 3

Latest updateMay 24

Description

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶NVDfirejail_project/firejail< 0.9.60

▶Debianfirejail_project/firejail< 0.9.58.2-2+3

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-q9v9-56wp-f76g: In Firejail before 0↗2022-05-24

▶

CVEList

CVE-2019-12589: In Firejail before 0↗2019-06-03

▶

OSV

CVE-2019-12589: In Firejail before 0↗2019-06-03

▶

📋Vendor Advisories

Debian

CVE-2019-12589: firejail - In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading...↗2019

▶

💬Community

Bugzilla

CVE-2019-12589 firejail: improper seccomp restrictions due to filters being writable inside the jail↗2019-06-03

▶

Bugzilla

CVE-2019-12589 firejail: improper seccomp restrictions due to filters being writable inside the jail [fedora-all]↗2019-06-03

▶