CVE-2024-1724
Severity:
MEDIUM
Type:
Unavailable / Other
Publication date:
25/07/2024
Last modified:
26/07/2024
Description
In snapd versions prior to 2.62, when using AppArmor for enforcement of <br />
sandbox permissions, snapd failed to restrict writes to the $HOME/bin<br />
path. In Ubuntu, when this path exists, it is automatically added to<br />
the users PATH. An attacker who could convince a user to install a<br />
malicious snap which used the &#39;home&#39; plug could use this vulnerability<br />
to install arbitrary scripts into the users PATH which may then be run<br />
by the user outside of the expected snap sandbox and hence allow them<br />
to escape confinement.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM