CVSS3: 8.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
  Percentile: 20.7%

Flatpak is a system for building, distributing, and running sandboxed
desktop applications on Linux. A bug was discovered in the flatpak-portal
service that can allow sandboxed applications to execute arbitrary code on
the host system (a sandbox escape). The bug is present in versions from
0.11.4 up to, but not including, the fixed versions 1.8.5 and 1.10.0.

The Flatpak portal D-Bus service (flatpak-portal, also known by its D-Bus
service name org.freedesktop.portal.Flatpak) allows apps in a Flatpak
sandbox to launch their own subprocesses in a new sandbox instance, either
with the same security settings as the caller or with more restrictive
security settings. For example, Flatpak-packaged web browsers such as
Chromium use it to launch the subprocesses that process untrusted web
content, giving those subprocesses a more restrictive sandbox than the
browser itself.

In vulnerable versions, the Flatpak portal service passes caller-specified
environment variables to non-sandboxed processes on the host system, and in
particular to the flatpak run command that is used to launch the new
sandbox instance. A malicious or compromised Flatpak app could set
environment variables that are trusted by the flatpak run command, and use
them to execute arbitrary code that is not in a sandbox.

As a workaround, this vulnerability can be mitigated by preventing the
flatpak-portal service from starting, but that mitigation will prevent many
Flatpak apps from working correctly. This is fixed in versions 1.8.5 and
1.10.0.
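
The affected range above can be checked on a host with the following added example, which is not part of the original advisory or the Flatpak project. The function names are hypothetical, the sample versions are constructed, and treating 1.9.x as unfixed is an assumption based on the advisory naming only 1.8.5 and 1.10.0 as fixed.

```shell
#!/bin/sh
# Added example: classify a Flatpak version against the range in this advisory
# (affected from 0.11.4, fixed in 1.8.5 and 1.10.0).

# classify_flatpak_version MAJOR.MINOR.PATCH
# Prints one of: not-affected, affected, fixed, unknown.
classify_flatpak_version() {
    printf '%s\n' "$1" | awk -F. '
        # Refuse anything that is not three dot-separated numbers.
        !/^[0-9]+\.[0-9]+\.[0-9]+$/ { print "unknown"; exit }
        {
            # Collapse the version into one comparable integer.
            v = $1 * 1000000 + $2 * 1000 + $3
            if (v < 11004)               print "not-affected"  # before 0.11.4
            else if (v < 1008005)        print "affected"      # 0.11.4 to 1.8.4
            else if ($1 == 1 && $2 == 8) print "fixed"         # 1.8.5 and later 1.8.x
            else if (v < 1010000)        print "affected"      # 1.9.x (assumption)
            else                         print "fixed"         # 1.10.0 and later
        }'
}

# Print the installed version, taken from the last field of
# "flatpak --version" output such as "Flatpak 1.8.4".
installed_flatpak_version() {
    command -v flatpak >/dev/null 2>&1 || return 1
    flatpak --version 2>/dev/null | awk '{ print $NF; exit }'
}

# Constructed sample versions, so every branch is visible offline.
for v in 0.11.3 0.11.4 1.8.4 1.8.5 1.9.3 1.10.0; do
    printf '%-8s %s\n' "$v" "$(classify_flatpak_version "$v")"
done

# On a host with Flatpak installed, classify the real version as well.
if v=$(installed_flatpak_version); then
    printf 'installed %s: %s\n' "$v" "$(classify_flatpak_version "$v")"
fi
```

Distribution packages can carry a backported fix under an older upstream version number, so an "affected" result is a prompt to check the vendor's changelog before concluding the host is exposed.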