Your submission was sent successfully! Close

CVE-2019-11502

Published: 24 April 2019

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
snapd
Launchpad, Ubuntu, Debian
bionic
Released (2.38+18.04)
cosmic
Released (2.38+18.10)
disco
Released (2.38+19.04)
precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream
Released (2.38)
xenial
Released (2.38)