PT-2020-5762 · Firejail+2 · Firejail+2

Tim Starling

Published

2020-08-06

Updated

2024-06-15

CVE-2020-17368

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firejail versions 0.9.62 and earlier

Description: The issue is related to the mishandling of shell metacharacters during the use of the --output or --output-stderr option, which may lead to command injection. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations: For Firejail versions 0.9.62 and earlier, consider disabling the use of the --output and --output-stderr options until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALT-PU-2020-2617

ALT-PU-2020-2653

ALT-PU-2020-3022

ALT-PU-2020-3055

BDU:2021-01721

CVE-2020-17368

DLA-2336-1

DSA-4742-1

DSA-4767-1

MGASA-2020-0328

OPENSUSE-SU-2020:1208-1

OPENSUSE-SU-2020_1208-1

OPENSUSE-SU-2021:0271-1

OPENSUSE-SU-2021_0271-1

OPENSUSE-SU-2024:10759-1

Affected Products

Alt Linux

Firejail

Suse

PT-2020-5762 · Firejail+2 · Firejail+2

CVE-2020-17368

Weakness Enumeration

Related Identifiers

Affected Products

References · 46