Severity
10.0 CRITICAL
EPSS
1.2%
top 20.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 14
Latest update: May 24

Description

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 | Impact: 6.0

Affected Packages (5 packages)

NVD: webkitgtk/webkitgtk < 2.28.3
NVD: wpewebkit/wpe_webkit < 2.28.3
Debian: wpewebkit < 2.28.3-1+3
Debian: webkit2gtk < 2.28.3-1+3
NVD: opensuse/leap 15.1

Also affects: Debian Linux 10.0, Fedora 31, Ubuntu Linux 18.04, 19.10, 20.04

Patches

🔴Vulnerability Details

3
GHSA
GHSA-7vvx-4whv-jg73: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2 (2022-05-24)
OSV
CVE-2020-13753: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2 (2020-07-14)
CVEList
CVE-2020-13753: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2 (2020-07-14)

📋Vendor Advisories

4
Ubuntu
WebKitGTK vulnerabilities (2020-11-26)
Ubuntu
WebKitGTK+ vulnerabilities (2020-07-14)
Red Hat
webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl (2020-07-10)
Debian
CVE-2020-13753: webkit2gtk - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to p... (2020)

💬Community

1
Bugzilla
CVE-2020-13753 webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl (2020-09-16)