CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
20.8%
In snapd versions prior to 2.62, when using AppArmor for enforcement of
sandbox permissions, snapd failed to restrict writes to the $HOME/bin
path. In Ubuntu, when this path exists, it is automatically added to the
users PATH. An attacker who could convince a user to install a malicious
snap which used the ‘home’ plug could use this vulnerability to install
arbitrary scripts into the users PATH which may then be run by the user
outside of the expected snap sandbox and hence allow them to escape
confinement.
Author | Note |
---|---|
sarnold | CWE-732 CAPEC-1 |