CVE-2024-1724

Publication date 1 July 2024

Last updated 6 August 2024


Ubuntu priority

Cvss 3 Severity Score

6.3 · Medium

Score breakdown

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.

Read the notes from the security team

Status

Package Ubuntu Release Status
snapd 24.10 oracular
Fixed 2.63+24.10
24.04 LTS noble
Fixed 2.62+24.04build1
23.10 mantic Ignored end of life, was needed
22.04 LTS jammy
Fixed 2.63+22.04ubuntu0.1
20.04 LTS focal
Fixed 2.63+20.04ubuntu0.1
18.04 LTS bionic
Vulnerable
16.04 LTS xenial
Vulnerable
14.04 LTS trusty Ignored end of standard support

Notes


sarnold

CWE-732 CAPEC-1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
snapd

Severity score breakdown

Parameter Value
Base score 6.3 · Medium
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L