CVE-2020-27348
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-27348
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27348.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-27348
- Aliases
- Related
- Published
- 2020-12-04T03:15:12Z
- Modified
- 2024-10-12T06:25:24.509349Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In some conditions, a snap package built by snapcraft includes the current directory in LDLIBRARYPATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
- References
Affected packages
Git / github.com/snapcore/snapcraft
Affected ranges
- Type
- GIT
- Repo
- https://github.com/snapcore/snapcraft
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.4
0.5
0.6
2.*
2.0
2.0.1
2.1
2.1.1
2.10
2.10.1
2.11
2.12
2.12.1
2.13
2.13.1
2.14
2.15
2.15.1
2.16
2.17
2.18
2.18.1
2.19
2.2
2.2.1
2.2.2
2.20
2.21
2.22
2.22.1
2.23
2.24
2.25
2.26
2.27
2.27.1
2.28
2.29
2.29.1
2.3
2.3.2
2.30
2.31
2.32
2.33
2.34
2.35
2.36
2.36.1
2.37
2.38
2.39
2.39.1
2.39.2
2.4
2.40
2.40.1
2.41
2.42
2.42.1
2.43
2.43.1
2.5
2.6
2.6.1
2.7
2.8
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.9
3.*
3.0
3.0.1
3.1
3.1.1
3.10
3.10.1
3.10.2
3.11
3.2
3.3
3.4
3.4.1
3.5
3.5.1
3.6
3.7
3.7.1
3.7.2
3.8
3.9
3.9.1
3.9.2
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0rc1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.2
4.3
4.4
4.4.1
4.4.2
4.4.3
Other
refs/tags
untagged-062755d465f752108ab6