漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
snapd allows $HOME/bin symlink
漏洞信息
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.
漏洞信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
漏洞
关键资源的不正确权限授予
漏洞
snapd 安全漏洞
漏洞信息
snapd是snapcore开源的一个跨平台的包管理工具。使系统能够使用.snap文件。 snapd 2.62之前版本存在安全漏洞,该漏洞源于当使用 AppArmor 强制执行沙盒权限时,无法限制对 $HOME/bin 路径的写入。
漏洞信息
N/A
漏洞
N/A