Your submission was sent successfully! Close

CVE-2019-8308

Published: 12 February 2019

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

Priority

Medium

CVSS 3 base score: 8.2

Status

Package Release Status
flatpak
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.3-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.0.7-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist