Vulmon Recent Vulnerabilities Trends Blog About Contact
8.5
CVSSv2

CVE-2020-5291

Published: 31/03/2020 Updated: 02/04/2020
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Projectatomic

Vulnerability Summary

Bubblewrap could allow a remote authenticated malicious user to gain elevated privileges on the system, caused by a flaw in the setuid mode. By using a specially crafted namespace, an attacker could exploit this vulnerability to gain root permissions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

projectatomic bubblewrap

debian debian linux 10.0

archlinux arch linux -

centos centos 7.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2020-5291, GHSA-j2qp-rvxj-43vj: privilege escalation in some kernel configurations
Debian Bug report logs - #955441 CVE-2020-5291, GHSA-j2qp-rvxj-43vj: privilege escalation in some kernel configurations Package: bubblewrap; Maintainer for bubblewrap is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for bubblewrap is src:bubblewrap (PTS, buildd, popcon) Reported by: Simon M ...

References

CWE-269https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vjhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955441https://nvd.nist.govhttps://exchange.xforce.ibmcloud.com/vulnerabilities/178917
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-1235CVE-2021-1357validationCVE-2021-21253logic flawcameraCVE-2019-8791CVE-2020-8554CVE-2019-8792