CVE-2021-3155

Severity
5.5 MEDIUM
EPSS
0.0%
top 91.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 17
Latest update: Feb 24

Description

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 2.0 | Impact: 1.4

Affected Packages (4 packages)

NVD | canonical/snapd | < 2.54.3
Debian | snapd | < 2.54-1+2
Ubuntu | snapd | < 2.54.3+18.04+8
CVEListV5 | canonical_ltd./snapd | unspecified | 2.54.2

Also affects: Ubuntu Linux 18.04, 20.04, 21.10

Patches

🔴 Vulnerability Details

7
OSV
snapd regression (2022-02-24)
GHSA
GHSA-7x7f-q6wr-wc4w: snapd 2 (2022-02-19)
OSV
snapd vulnerabilities (2022-02-18)
OSV
snapd vulnerabilities (2022-02-18)
OSV
snapd vulnerabilities (2022-02-17)

📋 Vendor Advisories

5
Ubuntu
snapd regression (2022-02-24)
Ubuntu
snapd vulnerabilities (2022-02-18)
Ubuntu
snapd vulnerabilities (2022-02-18)
Ubuntu
snapd vulnerabilities (2022-02-17)
Debian
CVE-2021-3155: snapd - snapd 2.54.2 and earlier created ~/snap directories in user home directories wit... (2021)