The vulnerability of the application management tools and Flatpak environments, related to errors in processing file descriptors, allows a hacker to modify any executable files on the host side.

The vulnerability of the application management tool and the Flatpak environment is related to errors in processing file descriptors. Exploiting this vulnerability allows an attacker to modify arbitrary executable files on the host by executing the “applyextra” script...

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...

Fedora 28 : flatpak (2018-4d68cf2b1c)

flatpak 1.0.6 release. This release fixes an issue that lets system-wide installed applications create setuid root files inside their app dir somewhere in /var/lib/flatpak/app. Setuid support is disabled inside flatpaks, so such files are only a risk if the user runs them manually outside flatpak...