PT-2020-5190 · Project Atomic · Bubblewrap
Alexlarsson · Published 2020-03-31 · Updated 2024-06-15 · CVE-2020-5291
CVSS v2.0: 8.5 (High)
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Bubblewrap versions prior to 0.4.1
Description
The issue is caused by insecure privilege management in the Bubblewrap application. Exploitation of this issue may allow a remote attacker to impact the confidentiality and integrity of protected information. The vulnerability can be exploited when Bubblewrap is installed in setuid mode and the kernel supports unprivileged user namespaces, allowing an attacker to use the bwrap --userns2 option to gain root permissions. This issue is known to affect certain configurations of Debian, Arch, and CentOS systems where unprivileged user namespaces are enabled.
Recommendations
For Bubblewrap versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the setuid mode for Bubblewrap until the update is applied. Additionally, restrict the use of the bwrap --userns2 option to minimize the risk of exploitation.
Fix
Improper Privilege Management
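The description and recommendations above name three conditions that must hold together: a setuid-root bwrap, a version before 0.4.1, and a kernel that permits unprivileged user namespaces. The following script is an added defender-side check for that combination; it is not part of the advisory or of the Bubblewrap project, and it assumes a Linux /proc layout, GNU stat, a bwrap binary at /usr/bin/bwrap, and the sysctl names kernel.unprivileged_userns_clone (Debian kernels) and user.max_user_namespaces (mainline).

```shell
#!/bin/sh
# Added example, not from the advisory: a defender-side check for the exploitable
# configuration it describes (setuid-root bwrap older than 0.4.1 on a kernel that
# allows unprivileged user namespaces). Linux /proc layout and GNU stat assumed.

# True (exit 0) when dotted version $1 is strictly lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Pull the version number out of `bwrap --version` output, e.g. "bubblewrap 0.4.0".
bwrap_version_from_output() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# True when file $1 has the setuid bit and is owned by uid 0.
is_setuid_root() {
    [ -u "$1" ] && [ "$(stat -c %u "$1" 2>/dev/null)" = "0" ]
}

# True when the kernel lets unprivileged users create user namespaces. $1 is the
# /proc root, so a constructed tree can be passed for testing. Debian kernels expose
# kernel.unprivileged_userns_clone; elsewhere user.max_user_namespaces > 0 means enabled.
userns_unprivileged_enabled() {
    proc="${1:-/proc}"
    if [ -r "$proc/sys/kernel/unprivileged_userns_clone" ]; then
        [ "$(cat "$proc/sys/kernel/unprivileged_userns_clone")" = "1" ]
    elif [ -r "$proc/sys/user/max_user_namespaces" ]; then
        [ "$(cat "$proc/sys/user/max_user_namespaces")" -gt 0 ]
    else
        return 1  # no user namespace support at all
    fi
}

# True when all conditions from the advisory hold at once.
bwrap_exposed() {
    is_setuid_root "$1" && version_lt "$2" "0.4.1" && userns_unprivileged_enabled "$3"
}

# Live check on this host (bwrap assumed at /usr/bin/bwrap).
if [ -x /usr/bin/bwrap ]; then
    v=$(bwrap_version_from_output "$(/usr/bin/bwrap --version)")
    if bwrap_exposed /usr/bin/bwrap "$v" /proc; then
        echo "bwrap $v: setuid root with unprivileged userns enabled; update to 0.4.1+ or drop the setuid bit"
    else
        echo "bwrap $v: exploitable configuration not present"
    fi
fi
```

Removing the setuid bit (the temporary workaround above) makes is_setuid_root fail, so the check reports the host as not exposed even before the package update lands.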
Affected Products
Alt Linux
Bubblewrap