8.8

CVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Firejail ProjectFirejail SwEdition- Version < 0.9.44.4
Firejail ProjectFirejail SwEditionlts Version >= 0.9.38 < 0.9.38.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.74% 0.498
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://openwall.com/lists/oss-security/2017/01/04/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/95298
Third Party Advisory
VDB Entry
https://firejail.wordpress.com/download-2/release-notes/
Vendor Advisory
Release Notes
https://security.gentoo.org/glsa/201701-62
Third Party Advisory