CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-27348

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.1%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 4.4

References

https://bugs.launchpad.net/bugs/1901572
https://github.com/snapcore/snapcraft/pull/3345
https://usn.ubuntu.com/usn/usn-4661-1
https://bugs.launchpad.net/bugs/1901572
https://github.com/snapcore/snapcraft/pull/3345
https://usn.ubuntu.com/usn/usn-4661-1

Products affected by CVE-2020-27348

Canonical » Snapcraft » Version: Any

cpe:2.3:a:canonical:snapcraft:*
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27348

Products

Pricing

Contact Us