CVE-2021-3155

Published: Feb 17, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Affected (4)

Products: Canonical: Snapd, Ubuntu Linux

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Snapd	Before 2.54.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04
Canonical Ubuntu Linux	Version 21.10

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85

Source: security@ubuntu.com

PatchThird Party Advisory

https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca

Source: security@ubuntu.com

PatchThird Party Advisory

https://ubuntu.com/security/notices/USN-5292-1

Source: security@ubuntu.com

PatchVendor Advisory

https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://ubuntu.com/security/notices/USN-5292-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.