CVE-2024-1724Incorrect Permission Assignment in Snap

CWE-732Incorrect Permission AssignmentCWE-22Path Traversal13 documents7 sources
Severity
8.2HIGHNVD
CNA6.3GHSA7.3
EPSS
0.0%
top 92.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Canonical SnapSnapcraft SnapdGithub.com Snapcore Snapd+1 more
Timeline
PublishedJul 25
Latest updateJan 13

Description

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages5 packages

NVDcanonical/snapd< 2.62
Debiansnapcraft/snapd< 2.62-1+1
Ubuntusnapcraft/snapd< 2.63+20.04ubuntu0.1+4
CVEListV5canonical/snap< 2.62

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

8
OSV
snapd vulnerabilities2025-01-13
GHSA
@actions/artifact has an Arbitrary File Write via artifact extraction2024-09-03
OSV
snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd2024-08-06
OSV
snapd vulnerabilities2024-08-01
CVEList
snapd allows $HOME/bin symlink2024-07-25

📋Vendor Advisories

4
Ubuntu
snapd vulnerabilities2025-01-13
Ubuntu
snapd vulnerabilities2024-08-01
Red Hat
snapd: Snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path.2024-07-25
Debian
CVE-2024-1724: snapd - In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox...2024
CVE-2024-1724 — Incorrect Permission Assignment in Snap | cvebase