CVE-2017-5180

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-5180
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5180.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-5180
Downstream
Related
Published
2017-02-09T18:59:00.127Z
Modified
2025-11-14T03:35:16.093302Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

References

Affected packages

Git / github.com/netblue30/firejail

Affected ranges

Type
GIT
Repo
https://github.com/netblue30/firejail
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e0422ca2be6482f375400562b68e9d72d739964b