CVE-2019-7304
Published 2019-04-23
Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | snapd | < 2.37.1 | 2.37.1 |
| canonical | snapd | >= unspecified < 2.37.1 | 2.37.1 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | snapd | < snapd 2.37.1-1 (bookworm) | snapd 2.37.1-1 (bookworm) |
| snapcraft | snapd | >= 0 < 2.37.1-1 | 2.37.1-1 |
| snapcraft | snapd | >= 0 < 2.37.1-1 | 2.37.1-1 |
| snapcraft | snapd | >= 0 < 2.37.1-1 | 2.37.1-1 |
| snapcraft | snapd | >= 0 < 2.37.1-1 | 2.37.1-1 |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 9.8 CRITICAL