7.8
CVE-2019-12439
- EPSS 0.49%
- Veröffentlicht 29.05.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Projectatomic ≫ Bubblewrap Version < 0.3.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.384 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 7.4 | 1.4 | 5.9 |
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00015.html
https://access.redhat.com/errata/RHSA-2019:1833
https://bugzilla.redhat.com/show_bug.cgi?id=1695963
https://github.com/projectatomic/bubblewrap/commit/efc89e3b939b4bde42c10f065f6b7b02958ed50e
https://github.com/projectatomic/bubblewrap/issues/304
https://github.com/projectatomic/bubblewrap/releases/tag/v0.3.3
https://security.gentoo.org/glsa/202006-18