CVE-2020-11934

Name of the Vulnerable Software and Affected Versions snapd versions prior to 2.45.1ubuntu0.2 snapd versions prior to 2.45.1+18.04.2 snapd versions prior to 2.45.1+20.04.2

Description It was discovered that snapctl user-open allowed altering the $XDG DATA DIRS environment variable when calling the system xdg-open. The OpenURL() function in usersession/userd/launcher.go would alter $XDG DATA DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems.

Recommendations For versions prior to 2.45.1ubuntu0.2, update to version 2.45.1ubuntu0.2 or later. For versions prior to 2.45.1+18.04.2, update to version 2.45.1+18.04.2 or later. For versions prior to 2.45.1+20.04.2, update to version 2.45.1+20.04.2 or later.