CVE-2020-11931 Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded

🗓️ 15 May 2020 03:25:11Reported by canonicalType

Ubuntu Pulseaudio snap security bypass vulnerabilit

Reporter	Title	Published	Views	Family All 13
CNVD	Pulseaudio Access Control Bypass Vulnerability	18 May 202000:00	–	cnvd
CVE	CVE-2020-11931	15 May 202003:25	–	cve
EUVD	EUVD-2020-4268	7 Oct 202500:30	–	euvd
NVD	CVE-2020-11931	15 May 202004:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-4355-1)	13 May 202000:00	–	openvas
OSV	CVE-2020-11931	15 May 202004:15	–	osv
OSV	UBUNTU-CVE-2020-11931	16 Apr 202000:00	–	osv
OSV	USN-4355-1 pulseaudio vulnerability	12 May 202019:25	–	osv
Prion	Design/Logic Flaw	15 May 202004:15	–	prion
SUSE CVE	SUSE CVE-2020-11931	15 Feb 202303:59	–	susecve

[
  {
    "product": "pulseaudio",
    "vendor": "Canonical",
    "versions": [
      {
        "lessThan": "1:8.0-0ubuntu3.12",
        "status": "affected",
        "version": "1:8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1:11.1-1ubuntu7.7",
        "status": "affected",
        "version": "1:11.1",
        "versionType": "custom"
      },
      {
        "lessThan": "1:13.0-1ubuntu1.2",
        "status": "affected",
        "version": "1:13.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1:13.99.1-1ubuntu3.2",
        "status": "affected",
        "version": "1:13.99.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
forum	www.forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3
usn	www.usn.ubuntu.com/4355-1/

18 May 2020 18:06Current

3.8Low risk

Vulners AI Score3.8

CVSS 3.13.3

EPSS0.0033

CWE-284