EUVD-2020-26485

Malware in sbrugna...

RockyLinux 9 : bubblewrap and flatpak (RLSA-2024:9449)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9449 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly from t...

Amazon Linux 2023 : bubblewrap (ALAS2023-2024-726)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-726 advisory. A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can...

SUSE CVE-2020-5291

Bubblewrap bwrap before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...

The vulnerability of the Bubblewrap application, related to insecure management of privileges, allows a perpetrator to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Bubblewrap application is related to insecure handling of privileges. Exploiting this vulnerability allows an attacker operating remotely to compromise the confidentiality and integrity of the protected information...

Bubblewrap Elevation of Privilege Vulnerability

Bubblewrap is a set of unprivileged sandboxing tools. A security vulnerability exists in Bubblewrap bwrap versions prior to 0.4.1. An attacker can exploit this vulnerability to gain root privileges...