PT-2018-5624 · Canonical · Snapd

Robert Ancell

Publicado

2018-02-02

Atualizado

2019-10-03

CVE-2017-14178

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: snapd versions 2.27 through 2.29.2

Description: The issue allows unprivileged, unauthenticated users to bypass systemd-journald's access restrictions by making the 'snap logs' command call journalctl without match arguments.

Recommendations: For snapd versions 2.27 through 2.29.2, consider restricting access to the snap logs command until a patch is available. As a temporary workaround, avoid using the snap logs command with unprivileged or unauthenticated users to minimize the risk of exploitation.

Correção

Improper Handling of Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-755

Identificadores relacionados

CVE-2017-14178

Produtos afetados

Snapd

PT-2018-5624 · Canonical · Snapd

CVE-2017-14178

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10