Lucene search
K

10 matches found

OSV
OSV
added 2025/01/16 5:19 p.m.27 views

GHSA-P9V8-Q5M4-PF46 CVE-2024-5138: snapd snapctl auth bypass

Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...

4CVSS8AI score0.00826EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/01/16 5:19 p.m.28 views

CVE-2024-5138: snapd snapctl auth bypass

Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...

8.1CVSS6.7AI score0.00826EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/06/14 1:41 p.m.23 views

GO-2024-2906 CVE-2024-5138 in github.com/snapcore/snapd

CVE-2024-5138 in github.com/snapcore/snapd...

8.1CVSS7.9AI score0.00826EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/05/31 9:30 p.m.15 views

Duplicate Advisory: CVE-2024-5138: snapd snapctl auth bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p9v8-q5m4-pf46. This link is maintained to preserve external references. Original Description The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privilege...

8.1CVSS7.1AI score0.00826EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2024/05/31 9:15 p.m.39 views

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...

8.1CVSS6.5AI score0.00826EPSS
Exploits1References4
CVE
CVE
added 2024/05/31 9:2 p.m.95 views

CVE-2024-5138

The CVE-2024-5138 issue affects the snapd component snapctl. The root cause is improper parsing/validation of command-line arguments in snapctl, allowing an unprivileged user to trigger an authorised action on behalf of snapd that would normally require administrator privileges. This could lead t...

8.1CVSS6.8AI score0.00826EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/31 9:2 p.m.16 views

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...

6.8AI score0.00826EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/05/31 9:2 p.m.94 views

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...

6.5AI score0.00826EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/05/31 9:2 p.m.33 views

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...

8.1CVSS7.5AI score0.00826EPSS
Exploits1
OSV
OSV
added 2024/05/31 9:2 p.m.32 views

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of...

8.1CVSS6.9AI score0.00826EPSS
Exploits1References7
Rows per page
Query Builder