CVSS3: 8.6 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low
Percentile: 70.7%

Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app (CVE-2021-43860).

Path traversal vulnerability (CVE-2022-21682).

Various other fixes and enhancements are included in the update to version 1.12.7.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | flatpak | < 1.12.7-1 | flatpak-1.12.7-1.mga8 |
Mageia | 8 | noarch | discover | < 5.20.4-3.3 | discover-5.20.4-3.3.mga8 |
Mageia | 8 | noarch | gnome-software | < 3.38.0-2.1 | gnome-software-3.38.0-2.1.mga8 |
Mageia | 8 | noarch | xdg-desktop-portal-kde | < 5.20.4-2.1 | xdg-desktop-portal-kde-5.20.4-2.1.mga8 |
bugs.mageia.org/show_bug.cgi?id=29885
github.com/flatpak/flatpak/releases/tag/1.10.7
github.com/flatpak/flatpak/releases/tag/1.12.4
github.com/flatpak/flatpak/releases/tag/1.12.5
github.com/flatpak/flatpak/releases/tag/1.12.6
github.com/flatpak/flatpak/releases/tag/1.12.7
github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
lists.fedoraproject.org/archives/list/[email protected]/thread/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/
lists.fedoraproject.org/archives/list/[email protected]/thread/F46WFOXXRE63UMMTLQB2FOJT4KLI5AR7/
lists.fedoraproject.org/archives/list/[email protected]/thread/G4SGDDYLN2BFKCHIDCXL2QTDVHPMZZM4/
lists.fedoraproject.org/archives/list/[email protected]/thread/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP/
lists.fedoraproject.org/archives/list/[email protected]/thread/UELF5NVMHRQ45DEBIRQGIVCV4PADFC37/
lists.opensuse.org/archives/list/[email protected]/thread/T4OG73MX3JPZBHYMUXUULPTVL7ZOOTZ5/