CVE-2019-8308
published 2019-02-12
high 8.2 CVSS 3.0
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | flatpak | < flatpak 1.2.3-1 (bookworm) | flatpak 1.2.3-1 (bookworm) |
| flatpak | flatpak | < 1.0.7 | 1.0.7 |
| flatpak | flatpak | >= 0 < 1.2.3-1 | 1.2.3-1 |
| flatpak | flatpak | >= 0 < 1.2.3-1 | 1.2.3-1 |
| flatpak | flatpak | >= 0 < 1.2.3-1 | 1.2.3-1 |
| flatpak | flatpak | >= 0 < 1.2.3-1 | 1.2.3-1 |
| flatpak | flatpak | 1.1.0 – 1.1.3 | — |
| flatpak | flatpak | 1.2.0 – 1.2.3 | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd v3.0 8.2 HIGH CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
osv 8.2 HIGH