10 matches found
GHSA-P9V8-Q5M4-PF46 CVE-2024-5138: snapd snapctl auth bypass
Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...
CVE-2024-5138: snapd snapctl auth bypass
Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...
GO-2024-2906 CVE-2024-5138 in github.com/snapcore/snapd
CVE-2024-5138 in github.com/snapcore/snapd...
Duplicate Advisory: CVE-2024-5138: snapd snapctl auth bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p9v8-q5m4-pf46. This link is maintained to preserve external references. Original Description The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privilege...
CVE-2024-5138
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...
CVE-2024-5138
The CVE-2024-5138 issue affects the snapd component snapctl. The root cause is improper parsing/validation of command-line arguments in snapctl, allowing an unprivileged user to trigger an authorised action on behalf of snapd that would normally require administrator privileges. This could lead t...
CVE-2024-5138
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...
CVE-2024-5138
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...
CVE-2024-5138
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...
CVE-2024-5138
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...