CVSS3: 8.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 49.4%

This update addresses two flatpak issues. The first is a sandbox escape in which a malicious application can execute code outside the sandbox by controlling the environment of the “flatpak run” command when spawning a sub-sandbox (CVE-2021-21261). The second is a potential attack in which a flatpak application could use custom-formatted .desktop files to gain access to files on the host system (CVE-2021-21381). The update also removes the unnecessary flatpak-tests subpackage.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | libglib-testing | < 0.1.0-2 | libglib-testing-0.1.0-2.mga7 |
Mageia | 7 | noarch | appstream-glib | < 0.7.15-1 | appstream-glib-0.7.15-1.mga7 |
Mageia | 7 | noarch | malcontent | < 0.9.0-2 | malcontent-0.9.0-2.mga7 |
Mageia | 7 | noarch | bubblewrap | < 0.4.1-1 | bubblewrap-0.4.1-1.mga7 |
Mageia | 7 | noarch | ostree | < 2020.8-1 | ostree-2020.8-1.mga7 |
Mageia | 7 | noarch | flatpak | < 1.10.2-1 | flatpak-1.10.2-1.mga7 |
Mageia | 7 | noarch | gnome-software | < 3.32.2-2.1 | gnome-software-3.32.2-2.1.mga7 |
bugs.mageia.org/show_bug.cgi?id=25978
bugs.mageia.org/show_bug.cgi?id=27126
bugs.mageia.org/show_bug.cgi?id=28575
github.com/flatpak/flatpak/issues/4146
github.com/flatpak/flatpak/releases
github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
lists.fedoraproject.org/archives/list/[email protected]/thread/2K2Q5P4IIUN2SFJKQKB4UJQ37CE2E55K/