CVE-2019-11502 - OpenCVE

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Snapd

Configuration 1 [-]

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2019/04/25/7
https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
https://www.openwall.com/lists/oss-security/2019/04/18/4

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-24T20:02:32

Updated: 2024-08-04T22:55:40.662Z

Reserved: 2019-04-24T00:00:00

Link: CVE-2019-11502

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-24T21:29:00.727

Modified: 2019-05-02T13:35:31.683

Link: CVE-2019-11502

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-25T17:06:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2019/04/18/4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"}, {"name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2019/04/18/4", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/04/18/4"}, {"name": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1", "refsource": "MISC", "url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"}, {"name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.662Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2019/04/18/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"}, {"name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11502", "datePublished": "2019-04-24T20:02:32", "dateReserved": "2019-04-24T00:00:00", "dateUpdated": "2024-08-04T22:55:40.662Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "102DFBEE-3825-4314-8577-DB0948C47E21", "versionEndExcluding": "2.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory."}, {"lang": "es", "value": "snap-confine, en snap antes de la versi\u00f3n 2.38, establece incorrectamente la propiedad de una aplicaci\u00f3n snap al uid y gid del usuario que realiza la primera llamada. Consecuentemente, ese usuario tiene un acceso no intencionado a un directorio /tmp privado."}], "id": "CVE-2019-11502", "lastModified": "2019-05-02T13:35:31.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-24T21:29:00.727", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Exploit", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/04/18/4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}