Published: 13/01/2022 Updated: 23/12/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak before 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flatpak flatpak-builder
flatpak flatpak
fedoraproject fedora 35
redhat enterprise linux 8.0
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0

Several vulnerabilities were discovered in Flatpak, an application deployment framework for desktop apps CVE-2021-43860 Ryan Gonzalez discovered that Flatpak didn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime Malicious apps coul ...

Flatpak is a Linux application sandboxing and distribution framework A path traversal vulnerability affects versions of Flatpak prior to 1123 and 1106 flatpak-builder applies `finish-args` last in the build At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it wil ...

An incorrect authorization vulnerability was found in Flatpak Flatpak does not properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime in the case that there's a null byte in the metadata file of an app This issue allows apps to grant themselves permissions ...

CWE-22 https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a https://www.debian.org/security/2022/dsa-5049 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP/https://security.gentoo.org/glsa/202312-12 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5049

CVE-2022-21682

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect