Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2020-27348

Published: 04/12/2020 Updated: 14/12/2020
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.8 | Impact Score: 5.5 | Exploitability Score: 1.3
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Snapcraft

Vulnerability Summary

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions before 4.4.4, before 2.43.1+16.04.1, and before 2.43.1+18.04.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical snapcraft

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

References

CWE-427https://usn.ubuntu.com/usn/usn-4661-1https://github.com/snapcore/snapcraft/pull/3345https://bugs.launchpad.net/bugs/1901572https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook