Refine your search
51 vulnerabilities found for by Canonical Ltd.
CVE-2023-5616 (GCVE-0-2023-5616)
Vulnerability from cvelistv5
Published
2025-04-15 18:29
Modified
2025-04-15 20:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu's gnome-control-center |
Version: 1:45 Version: 1:44 Version: 1:41 Version: 1:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-5616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T20:51:27.350779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:51:31.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "Ubuntu\u0027s gnome-control-center",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s gnome-control-center",
"repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1:45.0-1ubuntu3.1",
"status": "affected",
"version": "1:45",
"versionType": "deb"
},
{
"lessThan": "1:44.0-1ubuntu6.1",
"status": "affected",
"version": "1:44",
"versionType": "deb"
},
{
"lessThan": "1:41.7-0ubuntu0.22.04.8",
"status": "affected",
"version": "1:41",
"versionType": "deb"
},
{
"lessThan": "1:3.36.5-0ubuntu4.1",
"status": "affected",
"version": "1:3",
"versionType": "deb"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zygmunt Krynicki"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:29:54.565Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6554-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://ubuntu.com/security/CVE-2023-5616"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-5616",
"datePublished": "2025-04-15T18:29:54.565Z",
"dateReserved": "2023-10-17T15:39:21.769Z",
"dateUpdated": "2025-04-15T20:51:31.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0092 (GCVE-0-2023-0092)
Vulnerability from cvelistv5
Published
2025-01-31 01:41
Modified
2025-02-07 16:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Version: 2.9.22 ≤ Version: 3.0.0 ≤ Version: 2.9.38 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:10:08.920084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:10:14.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.9.38",
"status": "affected",
"version": "2.9.22",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "2.9.38",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller\u0027s filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:41:46.439Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/advisories/GHSA-x5rv-w9pm-8qp8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-0092",
"datePublished": "2025-01-31T01:41:46.439Z",
"dateReserved": "2023-01-05T20:43:04.614Z",
"dateUpdated": "2025-02-07T16:10:14.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1736 (GCVE-0-2022-1736)
Vulnerability from cvelistv5
Published
2025-01-31 01:35
Modified
2025-02-07 16:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu's gnome-control-center |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:07:43.557407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:07:47.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "Ubuntu\u0027s gnome-control-center",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s gnome-control-center",
"repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "42.1.1-2ubuntu1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeremy B\u00edcha"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu\u0027s configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default."
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:35:46.759Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5430-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028"
},
{
"tags": [
"issue-tracking"
],
"url": "https://ubuntu.com/security/CVE-2022-1736"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-1736",
"datePublished": "2025-01-31T01:35:46.759Z",
"dateReserved": "2022-05-16T19:14:42.013Z",
"dateUpdated": "2025-02-07T16:07:47.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11936 (GCVE-0-2020-11936)
Vulnerability from cvelistv5
Published
2025-01-31 01:18
Modified
2025-02-07 16:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
gdbus setgid privilege escalation
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:58:53.328091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:08:28.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.20.11-0ubuntu27.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryota Shiga"
}
],
"descriptions": [
{
"lang": "en",
"value": "gdbus setgid privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:34:55.184Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11936"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11936",
"datePublished": "2025-01-31T01:18:21.509Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:08:28.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28653 (GCVE-0-2022-28653)
Vulnerability from cvelistv5
Published
2025-01-31 00:50
Modified
2025-02-07 15:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Users can consume unlimited disk space in /var/crash
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:56:07.428006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:56:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Users can consume unlimited disk space in /var/crash"
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T00:50:49.677Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28653",
"datePublished": "2025-01-31T00:50:49.677Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-02-07T15:56:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6219 (GCVE-0-2024-6219)
Vulnerability from cvelistv5
Published
2024-12-05 23:13
Modified
2025-08-28 13:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6219",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:39:00.858631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:29:18.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "5.21.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered in LXD\u0027s PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T23:13:19.635Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6219"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6219",
"datePublished": "2024-12-05T23:13:19.635Z",
"dateReserved": "2024-06-20T17:41:42.692Z",
"dateUpdated": "2025-08-28T13:29:18.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6156 (GCVE-0-2024-6156)
Vulnerability from cvelistv5
Published
2024-12-05 23:11
Modified
2025-03-18 15:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Version: 4.0 ≤ Version: 4.0 ≤ Version: 4.0 ≤ Version: 4.0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lxd",
"vendor": "canonical",
"versions": [
{
"lessThan": "5.21.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:39:16.738252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:58:10.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.0.4",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.21.2",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "6.1",
"status": "affected",
"version": "4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered that LXD\u0027s PKI mode, until version 5.21.2, could be bypassed if the client\u0027s certificate was present in the trust store."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:07:48.004Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6156"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6156",
"datePublished": "2024-12-05T23:11:04.815Z",
"dateReserved": "2024-06-18T22:34:39.949Z",
"dateUpdated": "2025-03-18T15:58:10.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11586 (GCVE-0-2024-11586)
Vulnerability from cvelistv5
Published
2024-11-23 02:05
Modified
2024-11-25 17:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu's pulseaudio |
Version: 0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:32:19.469940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:32:23.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "pulseaudio",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s pulseaudio",
"repo": "https://launchpad.net/ubuntu/+source/pulseaudio",
"vendor": "Canonical Ltd.",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu\u0027s implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T02:05:58.503Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11586"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-11586",
"datePublished": "2024-11-23T02:05:58.503Z",
"dateReserved": "2024-11-20T23:26:19.179Z",
"dateUpdated": "2024-11-25T17:32:23.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9312 (GCVE-0-2024-9312)
Vulnerability from cvelistv5
Published
2024-10-10 13:42
Modified
2024-10-10 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Authd |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubuntu:authd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "authd",
"vendor": "ubuntu",
"versions": [
{
"lessThan": "0.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:53:16.310907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:55:40.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "authd",
"platforms": [
"Linux"
],
"product": "Authd",
"repo": "https://github.com/ubuntu/authd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "0.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "nicoo"
},
{
"lang": "en",
"type": "analyst",
"value": "Michael Gebetsroither"
},
{
"lang": "en",
"type": "analyst",
"value": "Jamie Bliss"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Adrian Dombeck"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user\u0027s ID and gain their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-286",
"description": "CWE-286",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:42:31.950Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9312"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-9312",
"datePublished": "2024-10-10T13:42:31.950Z",
"dateReserved": "2024-09-27T23:20:44.757Z",
"dateUpdated": "2024-10-10T14:55:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9313 (GCVE-0-2024-9313)
Vulnerability from cvelistv5
Published
2024-10-03 11:04
Modified
2024-11-22 19:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Authd |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:20:32.733162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T19:03:50.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "authd",
"platforms": [
"Linux"
],
"product": "Authd",
"repo": "https://github.com/ubuntu/authd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "0.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Didier Roche-Tolomelli"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T11:04:00.474Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-9313",
"datePublished": "2024-10-03T11:04:00.474Z",
"dateReserved": "2024-09-27T23:20:52.963Z",
"dateUpdated": "2024-11-22T19:03:50.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8038 (GCVE-0-2024-8038)
Vulnerability from cvelistv5
Published
2024-10-02 10:12
Modified
2024-10-02 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Version: 3.5 ≤ Version: 3.4 ≤ Version: 3.3 ≤ Version: 3.1 ≤ Version: 2.9 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:52:58.112532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:53:24.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:12:38.806Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8038"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8038",
"datePublished": "2024-10-02T10:12:38.806Z",
"dateReserved": "2024-08-21T01:05:01.458Z",
"dateUpdated": "2024-10-02T13:53:24.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8037 (GCVE-0-2024-8037)
Vulnerability from cvelistv5
Published
2024-10-02 10:12
Modified
2024-11-01 15:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Version: 3.5 ≤ Version: 3.4 ≤ Version: 3.3 ≤ Version: 3.1 ≤ Version: 2.9 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:56:28.477251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:31:40.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Guimaraes"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:12:32.318Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8037"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8037",
"datePublished": "2024-10-02T10:12:32.318Z",
"dateReserved": "2024-08-21T00:45:34.399Z",
"dateUpdated": "2024-11-01T15:31:40.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7558 (GCVE-0-2024-7558)
Vulnerability from cvelistv5
Published
2024-10-02 10:06
Modified
2024-10-02 13:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Version: 3.5 ≤ Version: 3.4 ≤ Version: 3.3 ≤ Version: 3.1 ≤ Version: 2.9 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:58:28.823188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:59:04.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340: Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:06:31.098Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7558"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-7558",
"datePublished": "2024-10-02T10:06:31.098Z",
"dateReserved": "2024-08-06T13:45:13.579Z",
"dateUpdated": "2024-10-02T13:59:04.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8287 (GCVE-0-2024-8287)
Vulnerability from cvelistv5
Published
2024-09-18 18:35
Modified
2024-09-19 20:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Anbox Cloud |
Version: 1.17.0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:anbox_cloud:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anbox_cloud",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.17.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T20:23:48.348893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T20:25:24.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "anbox",
"platforms": [
"Linux"
],
"product": "Anbox Cloud",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.17.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simon Fels"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Simon Fels"
}
],
"descriptions": [
{
"lang": "en",
"value": "Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:52:28.961Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/anbox-cloud/+bug/2077570"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8287"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8287",
"datePublished": "2024-09-18T18:35:25.803Z",
"dateReserved": "2024-08-28T19:43:49.942Z",
"dateUpdated": "2024-09-19T20:25:24.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5290 (GCVE-0-2024-5290)
Vulnerability from cvelistv5
Published
2024-08-07 08:14
Modified
2024-09-18 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | wpa_supplicant |
Version: 2:2.10-15 ≤ Version: 2:2.9.0-21build1 ≤ Version: 2:2.9-1ubuntu2 ≤ Version: 2.4-0ubuntu10 ≤ Version: 2.4-0ubuntu3 ≤ Version: 2.1-0ubuntu1 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wpa_supplicant",
"vendor": "w1.fi",
"versions": [
{
"lessThan": "2:2.10-21ubuntu0.1",
"status": "affected",
"version": "2:2.10-15",
"versionType": "semver"
},
{
"lessThan": "2:2.10-6ubuntu2.1",
"status": "affected",
"version": "2:2.9.0-21build1",
"versionType": "semver"
},
{
"lessThan": "2:2.9-1ubuntu4.4",
"status": "affected",
"version": "2:2.9-1ubuntu2",
"versionType": "semver"
},
{
"lessThan": "2:2.6-15ubuntu2.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu10",
"versionType": "semver"
},
{
"lessThan": "2.4-0ubuntu6.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu3",
"versionType": "semver"
},
{
"lessThan": "2.1-0ubuntu1.7+esm5",
"status": "affected",
"version": "2.1-0ubuntu1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5290",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:37:32.036314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:39:53.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"runtime API to load OpenSC module or PKCS11 engine or module"
],
"packageName": "wpa",
"platforms": [
"Linux"
],
"product": "wpa_supplicant",
"programFiles": [
"src/crypto/tls_openssl.c"
],
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2:2.10-21ubuntu0.1",
"status": "affected",
"version": "2:2.10-15",
"versionType": "semver"
},
{
"lessThan": "2:2.10-6ubuntu2.1",
"status": "affected",
"version": "2:2.9.0-21build1",
"versionType": "semver"
},
{
"lessThan": "2:2.9-1ubuntu4.4",
"status": "affected",
"version": "2:2.9-1ubuntu2",
"versionType": "semver"
},
{
"lessThan": "2:2.6-15ubuntu2.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu10",
"versionType": "semver"
},
{
"lessThan": "2.4-0ubuntu6.8+esm1",
"status": "affected",
"version": "2.4-0ubuntu3",
"versionType": "semver"
},
{
"lessThan": "2.1-0ubuntu1.7+esm5",
"status": "affected",
"version": "2.1-0ubuntu1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rory McNamara"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marc Deslauriers"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sudhakar Verma"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\n\n\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist."
}
],
"impacts": [
{
"capecId": "CAPEC-641",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-641 DLL Side-Loading"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:45:47.115Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613"
},
{
"url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/"
},
{
"url": "https://ubuntu.com/security/notices/USN-6945-1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-5290",
"datePublished": "2024-08-07T08:14:08.153Z",
"dateReserved": "2024-05-23T21:10:21.160Z",
"dateUpdated": "2024-09-18T15:39:53.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6984 (GCVE-0-2024-6984)
Vulnerability from cvelistv5
Published
2024-07-29 14:04
Modified
2024-08-01 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Juju |
Version: 3.5 ≤ Version: 3.4 ≤ Version: 3.3 ≤ Version: 3.1 ≤ Version: 2.9 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "juju",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.9.50",
"status": "affected",
"version": "2.9",
"versionType": "semver"
},
{
"lessThan": "3.1.9",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:37:36.928450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:41:50.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:45:38.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "juju",
"platforms": [
"Linux",
"MacOS",
"Windows"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.9",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.50",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Valverde Guimaraes"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Joe Phillips"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:04:05.925Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6984"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6984",
"datePublished": "2024-07-29T14:04:05.925Z",
"dateReserved": "2024-07-22T21:29:24.954Z",
"dateUpdated": "2024-08-01T21:45:38.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6714 (GCVE-0-2024-6714)
Vulnerability from cvelistv5
Published
2024-07-23 15:46
Modified
2024-08-01 21:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu Desktop Provision |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:ubuntu_desktop_provision:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_desktop_provision",
"vendor": "canonical",
"versions": [
{
"lessThan": "0.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T19:00:37.866400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:04:10.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "provd",
"platforms": [
"Linux"
],
"product": "Ubuntu Desktop Provision",
"repo": "https://github.com/canonical/ubuntu-desktop-provision",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "0.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Henstridge"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matthew Gary Hagemann"
},
{
"lang": "en",
"type": "coordinator",
"value": "Luci Stanescu"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T15:46:58.102Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6714"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6714",
"datePublished": "2024-07-23T15:46:58.102Z",
"dateReserved": "2024-07-12T14:11:48.205Z",
"dateUpdated": "2024-08-01T21:41:04.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6388 (GCVE-0-2024-6388)
Vulnerability from cvelistv5
Published
2024-06-27 15:39
Modified
2024-08-01 21:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu Advantage Desktop Pro |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_advantage_desktop_pro",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6388",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T18:48:51.687477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:25:45.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "ubuntu-advantage-desktop-daemon",
"platforms": [
"Linux"
],
"product": "Ubuntu Advantage Desktop Pro",
"repo": "https://github.com/canonical/ubuntu-advantage-desktop-daemon",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T15:39:04.168Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6388",
"datePublished": "2024-06-27T15:39:04.168Z",
"dateReserved": "2024-06-27T14:21:13.801Z",
"dateUpdated": "2024-08-01T21:41:03.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27352 (GCVE-0-2020-27352)
Vulnerability from cvelistv5
Published
2024-06-21 20:06
Modified
2024-08-04 16:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | snapd |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapd",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.48.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-27352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:14:07.392127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:56:52.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.48.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gilad Reti"
},
{
"lang": "en",
"type": "finder",
"value": "Nimrod Stoler"
}
],
"descriptions": [
{
"lang": "en",
"value": "When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T20:06:37.992Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27352",
"datePublished": "2024-06-21T20:06:37.992Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:11:36.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4968 (GCVE-0-2022-4968)
Vulnerability from cvelistv5
Published
2024-06-07 00:14
Modified
2024-08-03 01:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Netplan |
Version: 0 ≤ 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:32:34.883777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:32:45.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/netplan/+bug/1987842"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "netplan.io",
"platforms": [
"Linux"
],
"product": "Netplan",
"repo": "https://github.com/canonical/netplan",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andreas Hasenack"
}
],
"descriptions": [
{
"lang": "en",
"value": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:30:24.017Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/netplan/+bug/1987842"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-4968",
"datePublished": "2024-06-07T00:14:22.528Z",
"dateReserved": "2024-05-23T21:59:38.511Z",
"dateUpdated": "2024-08-03T01:55:46.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28658 (GCVE-0-2022-28658)
Vulnerability from cvelistv5
Published
2024-06-04 22:03
Modified
2024-10-27 14:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:49:23.848642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T14:58:19.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:03:53.633Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28658",
"datePublished": "2024-06-04T22:03:53.633Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-10-27T14:58:19.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28657 (GCVE-0-2022-28657)
Vulnerability from cvelistv5
Published
2024-06-04 22:02
Modified
2024-08-03 05:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Apport does not disable python crash handler before entering chroot
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T16:10:45.492438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T16:14:22.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport does not disable python crash handler before entering chroot"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:02:26.017Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28657",
"datePublished": "2024-06-04T22:02:26.017Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-08-03T05:56:16.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28656 (GCVE-0-2022-28656)
Vulnerability from cvelistv5
Published
2024-06-04 21:58
Modified
2025-03-19 17:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
is_closing_session() allows users to consume RAM in the Apport process
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T15:36:41.217327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:42:19.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to consume RAM in the Apport process"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:58:44.839Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28656",
"datePublished": "2024-06-04T21:58:44.839Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-03-19T17:42:19.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28655 (GCVE-0-2022-28655)
Vulnerability from cvelistv5
Published
2024-06-04 21:56
Modified
2024-10-27 17:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
is_closing_session() allows users to create arbitrary tcp dbus connections
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:08:24.480412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:49:04.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to create arbitrary tcp dbus connections"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:56:50.616Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28655",
"datePublished": "2024-06-04T21:56:50.616Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:49:04.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28654 (GCVE-0-2022-28654)
Vulnerability from cvelistv5
Published
2024-06-04 21:54
Modified
2024-10-27 17:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
is_closing_session() allows users to fill up apport.log
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:34:31.535447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:48:06.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to fill up apport.log"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:54:37.199Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28654",
"datePublished": "2024-06-04T21:54:37.199Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:48:06.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28652 (GCVE-0-2022-28652)
Vulnerability from cvelistv5
Published
2024-06-04 21:38
Modified
2025-03-13 18:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:47:40.492996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T18:21:18.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "~/.config/apport/settings parsing is vulnerable to \"billion laughs\" attack"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:38:44.324Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28652",
"datePublished": "2024-06-04T21:38:44.324Z",
"dateReserved": "2022-04-05T02:16:30.818Z",
"dateUpdated": "2025-03-13T18:21:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1242 (GCVE-0-2022-1242)
Vulnerability from cvelistv5
Published
2024-06-03 18:48
Modified
2025-03-27 19:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Apport can be tricked into connecting to arbitrary sockets as the root user
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T20:28:52.542056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:31:12.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport can be tricked into connecting to arbitrary sockets as the root user"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:48:02.281Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-1242",
"datePublished": "2024-06-03T18:48:02.281Z",
"dateReserved": "2022-04-05T14:45:10.551Z",
"dateUpdated": "2025-03-27T19:31:12.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3899 (GCVE-0-2021-3899)
Vulnerability from cvelistv5
Published
2024-06-03 18:40
Modified
2024-08-19 14:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "apport",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T14:09:25.391252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:10:41.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muqing Liu from Singurlar Security Lab"
},
{
"lang": "en",
"type": "finder",
"value": "neoni"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a race condition in the \u0027replaced executable\u0027 detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:40:32.847Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3899",
"datePublished": "2024-06-03T18:40:32.847Z",
"dateReserved": "2021-10-23T01:51:35.297Z",
"dateUpdated": "2024-08-19T14:10:41.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0555 (GCVE-0-2022-0555)
Vulnerability from cvelistv5
Published
2024-06-03 18:17
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | subiquity |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "subiquity",
"vendor": "canonical",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:41:55.971187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:51:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:17:35.956Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-0555",
"datePublished": "2024-06-03T18:17:35.956Z",
"dateReserved": "2022-02-10T02:44:55.484Z",
"dateUpdated": "2024-08-02T23:32:46.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5138 (GCVE-0-2024-5138)
Vulnerability from cvelistv5
Published
2024-05-31 21:02
Modified
2024-09-06 19:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | snapd |
Version: 0 < 68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/snapd/+bug/2065077"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapd",
"vendor": "canonical",
"versions": [
{
"lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5138",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T19:03:04.672013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:48:49.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "snapd",
"platforms": [
"Linux"
],
"product": "snapd",
"repo": "https://github.com/snapcore/snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "68ee9c6aa916ab87dbfd9a26030690f2cabf1e14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rory McNamara from Snyk Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T01:17:51.897Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/snapd/+bug/2065077"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5138"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-5138",
"datePublished": "2024-05-31T21:02:19.979Z",
"dateReserved": "2024-05-19T22:29:02.330Z",
"dateUpdated": "2024-09-06T19:48:49.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}