CVE-2020-27348 — Uncontrolled Search Path Element in Snapcraft

CWE-427 — Uncontrolled Search Path Element7 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 79.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Snapcraft Canonical Ubuntu Linux

Timeline

PublishedDec 4

Latest updateMay 24

Description

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:LExploitability: 1.3 | Impact: 5.5

Affected Packages2 packages

▶CVEListV5canonical/snapcraft4.4 — 4.4.4+1

▶NVDcanonical/snapcraft< 4.4.4

Also affects: Ubuntu Linux 16.04, 18.04

Patches

Patch: usn.ubuntu.com ↗Patch: usn.ubuntu.com ↗

🔴Vulnerability Details

OSV

snapcraft Access Restriction Bypass↗2022-05-24

▶

GHSA

snapcraft Access Restriction Bypass↗2022-05-24

▶

OSV

CVE-2020-27348: In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execut↗2020-12-04

▶

CVEList

snapcraft may build snaps with incorrect LD_LIBRARY_PATH↗2020-12-04

▶

📋Vendor Advisories

Ubuntu

Snapcraft vulnerability↗2020-12-03

▶

💬Community

HackerOne

Canonical Snapcraft vulnerable to remote code execution under certain conditions↗2021-07-23

▶