VDB
CVE-2021-3155
CVE-2021-3155
PUBLISHED
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
EPSS 0.03% · 8.6th percentile
Risk Scores
EPSS Score
0.03%
8.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | snapd | 0, 2.28.5+17.10, 2.54.2+18.04ubuntu1 |
| Ubuntu:20.04:LTS | snapd | 2.48.3+20.04, 0, 2.41+19.10.1 |
| Ubuntu:Pro:16.04:LTS | snapd | 2.37.4, 2.33.1ubuntu2, 2.32.9 |
Exploit Intelligence
Timeline
- Jan 13, 2021 CVE Published
- Feb 18, 2022 EPSS Score
- Apr 11, 2022 EPSS Score
- Jun 2, 2022 EPSS Score
- Jul 25, 2022 EPSS Score
- Sep 15, 2022 EPSS Score
- Nov 7, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Feb 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 12, 2023 EPSS Score
- Jun 3, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3155 third-party-advisory
- https://ubuntu.com/security/notices/USN-5292-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3155 third-party-advisory
- https://ubuntu.com/security/notices/USN-5292-3 vendor-advisory
- https://ubuntu.com/security/notices/USN-5292-2 vendor-advisory