Lucene search
Redhat.comRH:CVE-2017-9780HistoryJan 23, 2018 - 4:58 p.m.
CVE-2017-9780
2018-01-2316:58:05
redhat.com
access.redhat.com
6
0.0004 Low
EPSS
Percentile
5.1%
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the “system helper” component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
Related
fedora
fedora
[SECURITY] Fedora 24 Update: flatpak-0.8.7-1.fc24
2017-07-12 01:54:30
debiancve
debiancve
CVE-2017-9780
2017-06-21 15:29:00
openvas
openvas
Debian Security Advisory DSA 3895-1 (flatpak - security update)
2017-06-22 00:00:00
Debian: Security Advisory (DSA-3895-1)
2017-06-21 00:00:00
Fedora Update for flatpak FEDORA-2017-6b1f07acd9
2017-07-14 00:00:00
osv
osv
CVE-2017-9780
2017-06-21 15:29:00
flatpak - security update
2017-06-22 00:00:00
nvd
nvd
CVE-2017-9780
2017-06-21 15:29:00
prion
prion
Design/Logic Flaw
2017-06-21 15:29:00
cvelist
cvelist
CVE-2017-9780
2017-06-21 15:00:00
cve
cve
CVE-2017-9780
2017-06-21 15:29:00
nessus
nessus
Debian DSA-3895-1 : flatpak - security update
2017-06-23 00:00:00
Fedora 24 : flatpak (2017-6b1f07acd9)
2017-07-13 00:00:00
openSUSE Security Update : flatpak (openSUSE-2018-139)
2018-02-08 00:00:00
debian
debian
[SECURITY] [DSA 3895-1] flatpak security update
2017-06-22 17:45:31
ubuntucve
ubuntucve
CVE-2017-9780
2017-06-21 00:00:00