8.8

CVE-2017-5180

EPSS 0.39%
Published 09.02.2017 18:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Firejail Project ≫ Firejail SwEdition- Version < 0.9.44.4

Firejail Project ≫ Firejail SwEditionlts Version >= 0.9.38 < 0.9.38.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2	6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://openwall.com/lists/oss-security/2017/01/04/2

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/95298

Third Party Advisory

VDB Entry

https://firejail.wordpress.com/download-2/release-notes/

Vendor Advisory

Release Notes

https://security.gentoo.org/glsa/201701-62

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-5180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5180

EUVD