CVE-2024-1724

Published: Jul 25, 2024Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.

Affected (1)

Products: Canonical: Snapd

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Snapd	Before 2.62

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6

Source: security@ubuntu.com

Patch

https://github.com/snapcore/snapd/pull/13689

Source: security@ubuntu.com

Issue TrackingPatch

https://gld.mcphail.uk/posts/explaining-cve-2024-1724/

Source: security@ubuntu.com

ExploitTechnical DescriptionThird Party Advisory

https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/snapcore/snapd/pull/13689

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://gld.mcphail.uk/posts/explaining-cve-2024-1724/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.