VDB
CVE-2020-27348
CVE-2020-27348
PUBLISHED
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
EPSS 0.07% · 21.8th percentile
Risk Scores
EPSS Score
0.07%
21.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | snapcraft | 0.5, 0.6, 1.0 |
| Ubuntu:18.04:LTS | snapcraft | 0, 2.34+17.10, 2.39.2+18.04.2 |
Exploit Intelligence
- https://bugs.launchpad.net/bugs/1901572 (nist-nvd)
- Canonical Snapcraft vulnerable to remote code execution under certain conditions (hackerone)
- Canonical Snapcraft vulnerable to remote code execution under certain conditions (hackerone)
- Canonical Snapcraft vulnerable to remote code execution under certain conditions (hackerone)
- https://github.com/snapcore/snapcraft/pull/3345 (circl)
- https://usn.ubuntu.com/usn/usn-4661-1 (circl)
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 23, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27348 third-party-advisory
- https://github.com/snapcore/snapcraft/pull/3345 third-party-advisory
- https://ubuntu.com/security/notices/USN-4661-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27348 third-party-advisory