6 matches found

CVE
added 2024/08/15 6:32 p.m., 209 views

CVE-2024-42472

CVE-2024-42472 affects Flatpak before 1.14.0/1.15.10 and allows a malicious or compromised Flatpak app using persistent directories to access or write files outside the sandbox. The root cause is a symlink-following issue when mounting persistent (persist) directories, causing the bind mount to f...

10 CVSS, 9.3 AI score, 0.06541 EPSS
Exploits 1, References 11, Affected Software 1
AlpineLinux
added 2024/08/15 6:32 p.m., 23 views

CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10 CVSS, 6.5 AI score, 0.06541 EPSS
Exploits 1
Tenable Nessus
added 2022/11/17 12:0 a.m., 22 views

Rocky Linux 8 : flatpak-builder (RLSA-2022:7458)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7458 advisory. - Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6...

7.7 CVSS, 7.2 AI score, 0.00335 EPSS
Exploits 0, References 4
Tenable Nessus
added 2022/11/05 12:0 a.m., 35 views

Amazon Linux 2022 : flatpak, flatpak-devel, flatpak-libs (ALAS2022-2022-179)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-179 advisory. An incorrect authorization vulnerability was found in Flatpak. Flatpak does not properly validate that the permissions displayed to the user for an app at install time match the actual...

8.6 CVSS, 7.2 AI score, 0.00335 EPSS
Exploits 0, References 5
Tenable Nessus
added 2022/03/05 12:0 a.m., 30 views

openSUSE 15 Security Update : flatpak (openSUSE-SU-2022:0712-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0712-1 advisory. - Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly...

8.6 CVSS, 7.4 AI score, 0.00335 EPSS
Exploits 0, References 7
CVE
added 2022/01/12 12:0 a.m., 189 views

CVE-2021-43860

CVE-2021-43860 (Flatpak) affects Flatpak prior to 1.12.3 and 1.10.6, where permissions shown to users at install time may not match runtime permissions due to a null byte in app metadata. Malicious apps can grant themselves hidden permissions because xa.metadata is read from commit metadata as a ...

8.6 CVSS, 8.1 AI score, 0.00166 EPSS
Exploits 0, References 11, Affected Software 1