4 matches found
Internet Bug Bounty: Canonical Snapcraft vulnerable to remote code execution under certain conditions
Preface: I apologize for previously submitting this bug to hacker1 before it was fully addressed by the Ubuntu Security Team I have reported this issue to the Ubuntu Security team and it has been fixed: CVE-2020-27348 Bug link: https://bugs.launchpad.net/snapcraft/+bug/1901572 Ubuntu Security Tea...
CVE-2020-27348
creationtimestamp| type| source ---|---|--- 2020-12-04 07:26:42+00:00| seen| https://t.me/cibsecurity/17140 2024-04-23 19:19:00+00:00| seen| https://t.me/arpsyndicate/4767...
CVE-2020-27348
The CVE-2020-27348 issue is concrete: snapcraft builds can set LD_LIBRARY_PATH to include the current directory, enabling a malicious snap to execute code inside the context of another snap when both use the home interface. Affected are snapcraft before 4.4.4 and before 2.43.1+16.04.1/2.43.1+18.0...
CVE-2020-27348 snapcraft may build snaps with incorrect LD_LIBRARY_PATH
In some conditions, a snap package built by snapcraft includes the current directory in LDLIBRARYPATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...