Vulnerability Information
Vulnerability Title
snapd allows $HOME/bin symlink
Vulnerability Description
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the user's PATH, which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
Incorrect Permission Assignment for Critical Resource
Vulnerability Title
snapd security vulnerability
Vulnerability Description
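snapd is an open-source, cross-platform package management tool from snapcore that enables systems to use .snap files. Versions of snapd prior to 2.62 contain a security vulnerability, which stems from a failure to restrict writes to the $HOME/bin path when AppArmor is used to enforce sandbox permissions.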
CVSS Information
N/A
Vulnerability Type
N/A