CVE-2021-3155

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3155
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3155.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3155
Downstream
Published
2022-02-17T23:15:07.337Z
Modified
2026-04-11T12:36:26.254790Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "20.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "21.10"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/canonical/snapd

Affected ranges

Type
GIT
Repo
https://github.com/canonical/snapd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c80b318bb4723ef43591afc95bd6d1ceeecba937
Fixed
6bcaeeccd16ed8298a301dd92f6907f88c24cc85
Fixed
7d2a966620002149891446a53cf114804808dcca
Database specific 
{
    "cpe": "cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.54.3"
        }
    ]
}

Affected versions

1.*
1.0-0ubuntu1
1.0.1-0ubuntu1
1.1-0ubuntu1
1.1.1-0ubuntu1
1.1.2-0ubuntu1
1.2-0ubuntu1
1.3ubuntu1
1.4ubuntu1
1.5ubuntu1
1.6ubuntu1
1.7.2+20160113ubuntu1
1.7.2+20160204ubuntu1
1.7.2+20160223ubuntu1
1.7.2ubuntu1
1.7.3+20160225ubuntu1
1.7.3+20160303ubuntu1
1.7.3+20160303ubuntu2
1.7.3+20160303ubuntu3
1.7.3+20160303ubuntu4
1.7.3+20160308ubuntu1
1.7.3+20160310ubuntu1
1.7ubuntu1
1.9
1.9.1
1.9.2
1.9.3
1.9.4
2.*
2.0
2.0.10
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.11
2.12
2.13
2.14
2.14.1
2.14.2.16.04
2.15
2.15.2
2.54
2.54.1
2.54.2
Other
ppa
untagged-ec50ee5bfb45daefc236

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3155.json"