CVE-2024-1724

2024-07-0100:00:00

ubuntu.com

snapd

apparmor

$home/bin

ubuntu

path

sandbox

confinement

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

20.8%

JSON

In snapd versions prior to 2.62, when using AppArmor for enforcement of
sandbox permissions, snapd failed to restrict writes to the $HOME/bin
path. In Ubuntu, when this path exists, it is automatically added to the
users PATH. An attacker who could convince a user to install a malicious
snap which used the ‘home’ plug could use this vulnerability to install
arbitrary scripts into the users PATH which may then be run by the user
outside of the expected snap sandbox and hence allow them to escape
confinement.

Notes

Author	Note
sarnold	CWE-732 CAPEC-1

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsnapd< anyUNKNOWN
ubuntu20.04noarchsnapd< anyUNKNOWN
ubuntu22.04noarchsnapd< anyUNKNOWN
ubuntu24.04noarchsnapd< 2.62+24.04build1UNKNOWN
ubuntu16.04noarchsnapd< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	snapd	< any	UNKNOWN
ubuntu	20.04	noarch	snapd	< any	UNKNOWN
ubuntu	22.04	noarch	snapd	< any	UNKNOWN
ubuntu	24.04	noarch	snapd	< 2.62+24.04build1	UNKNOWN
ubuntu	16.04	noarch	snapd	< any	UNKNOWN