A path traversal vulnerability was found in Flatpak. This happens when flatpak-builder applies finish-args
last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build
against it will gain those permissions.