CVE-2021-3155
published 2022-02-17
medium 5.5 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | snapd | < 2.54.3 | 2.54.3 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical_ltd | snapd | unspecified – 2.54.2 | — |
| debian | snapd | < snapd 2.54-1 (bookworm) | snapd 2.54-1 (bookworm) |
| snapcraft | snapd | >= 0 < 2.54-1 | 2.54-1 |
| snapcraft | snapd | >= 0 < 2.54-1 | 2.54-1 |
| snapcraft | snapd | >= 0 < 2.54-1 | 2.54-1 |
| snapcraft | snapd | >= 0 < 2.54.3+18.04 | 2.54.3+18.04 |
| snapcraft | snapd | >= 0 < 2.54.3+18.04.2ubuntu0.2 | 2.54.3+18.04.2ubuntu0.2 |
| snapcraft | snapd | >= 0 < 2.54.3+20.04 | 2.54.3+20.04 |
| snapcraft | snapd | >= 0 < 2.54.3+20.04.1 | 2.54.3+20.04.1 |
| snapcraft | snapd | >= 0 < 2.54.3+20.04.1ubuntu0.2 | 2.54.3+20.04.1ubuntu0.2 |
| snapcraft | snapd | >= 0 < 2.54.3+14.04~esm1 | 2.54.3+14.04~esm1 |
| snapcraft | snapd | >= 0 < 2.54.3+14.04.0ubuntu0.1~esm3 | 2.54.3+14.04.0ubuntu0.1~esm3 |
| snapcraft | snapd | >= 0 < 2.54.3+16.04~esm2 | 2.54.3+16.04~esm2 |
| snapcraft | snapd | >= 0 < 2.54.3+16.04.0ubuntu0.1~esm4 | 2.54.3+16.04.0ubuntu0.1~esm4 |
CVSS provenance
nvd v3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv 5.5 MEDIUM