Github.Com Snapcore Snapd vulnerabilities

5 known vulnerabilities affecting github.com/snapcore_snapd.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2024-29068MEDIUM≥ 0, < 2.622024-07-25
CVE-2024-29068 [MEDIUM] CWE-20 snapd failed to properly check the file type when extracting a snap snapd failed to properly check the file type when extracting a snap In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd
ghsaosv
CVE-2024-1724MEDIUM≥ 0, < 2.622024-07-25
CVE-2024-1724 [MEDIUM] CWE-732 snapd failed to restrict writes to the $HOME/bin path snapd failed to restrict writes to the $HOME/bin path In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install
ghsaosv
CVE-2024-29069LOW≥ 0, < 2.622024-07-25
CVE-2024-29069 [LOW] CWE-59 snapd failed to properly check the destination of symbolic links when extracting a snap snapd failed to properly check the destination of symbolic links when extracting a snap In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons an
ghsaosv
CVE-2024-5138HIGHCVSS 8.1≥ 2.51.6, < 2.63.12024-05-31
CVE-2024-5138 [HIGH] Duplicate Advisory: CVE-2024-5138: snapd snapctl auth bypass Duplicate Advisory: CVE-2024-5138: snapd snapctl auth bypass # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p9v8-q5m4-pf46. This link is maintained to preserve external references. # Original Description The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that sna
ghsaosv
CVE-2022-3328CRITICAL≥ 0, < 2.57.62024-01-08
CVE-2022-3328 [CRITICAL] CWE-362 snapd Race Condition vulnerability snapd Race Condition vulnerability Race condition in snap-confine's `must_mkdir_and_open_with_perms()`
ghsaosv