8.8

CVE-2017-5180

EPSS 0.39%
Veröffentlicht 09.02.2017 18:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Firejail Project ≫ Firejail SwEdition- Version < 0.9.44.4

Firejail Project ≫ Firejail SwEditionlts Version >= 0.9.38 < 0.9.38.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://openwall.com/lists/oss-security/2017/01/04/2

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/95298

Third Party Advisory

VDB Entry

https://firejail.wordpress.com/download-2/release-notes/

Vendor Advisory

Release Notes

https://security.gentoo.org/glsa/201701-62

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-5180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5180

EUVD