snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
References
Link | Resource |
---|---|
https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 | Patch Third Party Advisory |
https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca | Patch Third Party Advisory |
https://ubuntu.com/security/notices/USN-5292-1 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2022-02-17T22:15:16
Updated: 2022-02-17T22:15:16
Reserved: 2021-01-15T00:00:00
Link: CVE-2021-3155
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-17T23:15:07.337
Modified: 2022-02-25T21:32:12.883
Link: CVE-2021-3155
JSON object: View
Redhat Information
No data.
CWE