CVE-2020-13753
published 2020-07-14CVE-2020-13753: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER…
PriorityP358critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
2.92%
85.3th percentile
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.28.3-1 (bookworm) | webkit2gtk 2.28.3-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.28.3-1 (bookworm) | webkit2gtk 2.28.3-1 (bookworm) |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| webkitgtk | webkitgtk | < 2.28.3 | 2.28.3 |
| wpewebkit | wpe_webkit | < 2.28.3 | 2.28.3 |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2020-11-26
CVE-2020-13753 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2020-07-14
CVE-2020-13753 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl
vendor_redhat·2020-07-10·CVSS 10.0
CVE-2020-13753 [CRITICAL] CWE-284 webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl
webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCS
Debian
CVE-2020-13753: webkit2gtk - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to p...
vendor_debian·2020·CVSS 10.0
CVE-2020-13753 [CRITICAL] CVE-2020-13753: webkit2gtk - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to p...
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
Scope: local
bookworm: resolved (fixed in 2.28.3-1)
bullseye: resolved (fixed in 2.28.3-1)
forky: resolved (fixed in 2.28.3-1)
sid: resolved (fixed in 2.28.3-1)
trixie: resolved (fixed in 2.28.3-1)
GHSA
GHSA-7vvx-4whv-jg73: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2
ghsa_unreviewed·2022-05-24·CVSS 10.0
CVE-2020-13753 [CRITICAL] CWE-20 GHSA-7vvx-4whv-jg73: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
OSV
CVE-2020-13753: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2
osv·2020-07-14·CVSS 10.0
CVE-2020-13753 [CRITICAL] CVE-2020-13753: The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/https://security.gentoo.org/glsa/202007-11https://trac.webkit.org/changeset/262368/webkithttps://usn.ubuntu.com/4422-1/https://www.debian.org/security/2020/dsa-4724https://www.openwall.com/lists/oss-security/2020/07/10/1http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/https://security.gentoo.org/glsa/202007-11https://trac.webkit.org/changeset/262368/webkithttps://usn.ubuntu.com/4422-1/https://www.debian.org/security/2020/dsa-4724https://www.openwall.com/lists/oss-security/2020/07/10/1
2020-07-14
Published