CVE-2020-27348

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
canonicalCNA
6.8 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
canonicalsnapcraft
𝑥
< 4.4.4
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
snapcraft
groovy
not-affected
focal
not-affected
bionic
Fixed 2.43.1+18.04.1
released
xenial
Fixed 2.43.1+16.04.1
released
trusty
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/bugs/1901572
https://github.com/snapcore/snapcraft/pull/3345
https://usn.ubuntu.com/usn/usn-4661-1
https://bugs.launchpad.net/bugs/1901572
https://github.com/snapcore/snapcraft/pull/3345
https://usn.ubuntu.com/usn/usn-4661-1