The Snapweb interface before version 0.21.2 exposed controls to install or remove snap packages without verifying the identity of the user or the origin of the connection. An attacker could have used these controls to remotely add a valid but malicious snap package from the Store, potentially using system resources without permission from the legitimate administrator of the system.
History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2019-04-22T15:35:59.648562Z

Updated: 2024-09-16T23:46:24.656Z

Reserved: 2016-01-12T00:00:00

Link: CVE-2016-1587

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-04-22T16:29:01.413

Modified: 2024-11-21T02:46:41.720

Link: CVE-2016-1587

Redhat

No data.