CVE-2024-5138 — Improper Input Validation in LTD Snapd

CWE-20 — Improper Input Validation CWE-285 — Improper Authorization9 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.6%

top 30.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical LTD Snapd Snapcraft Snapd Github.com Snapcore Snapd +1 more

Timeline

PublishedMay 31

Latest updateJan 16

Description

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDcanonical/snapd2.51.6 — 2.63.1

▶CVEListV5canonical_ltd/snapd< 68ee9c6aa916ab87dbfd9a26030690f2cabf1e14

▶Gogithub.com/snapcore_snapd2.51.6 — 2.63.1+1

▶Debiansnapcraft/snapd< 2.62-3+1

Patches

Patch: bugs.launchpad.net ↗Patch: github.com ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

OSV

CVE-2024-5138: snapd snapctl auth bypass↗2025-01-16

▶

GHSA

CVE-2024-5138: snapd snapctl auth bypass↗2025-01-16

▶

OSV

CVE-2024-5138 in github.com/snapcore/snapd↗2024-06-14

▶

CVEList

CVE-2024-5138: The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap↗2024-05-31

▶

OSV

Duplicate Advisory: CVE-2024-5138: snapd snapctl auth bypass↗2024-05-31

▶

📋Vendor Advisories

Debian

CVE-2024-5138: snapd - The snapctl component within snapd allows a confined snap to interact with the s...↗2024

▶