James Troup

**Name of the Vulnerable Software and Affected Versions** snapd versions 2.54.2 and earlier **Description** The issue allows a local attacker to read private information due to the creation of ~/snap directories in user home directories without specifying owner-only permissions. **Recommendations** For snapd versions 2.54.2 and earlier, update to version 2.54.3+18.04, 2.54.3+20.04, or 2.54.3+21.10.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ubuntu Metal as a Service (MaaS) versions 1.2 and 1.4 **Description** The issue allows local users to obtain RabbitMQ authentication credentials by reading a file with world-readable permissions. This affects the txlongpoll.yaml file. **Recommendations** For Ubuntu Metal as a Service (MaaS) version 1.2, update the permissions of the txlongpoll.yaml file to restrict access. For Ubuntu Metal as a Service (MaaS) version 1.4, update the permissions of the txlongpoll.yaml file to restrict access.