CVE-2020-13753

EPSS 1.43%
Veröffentlicht 14.07.2020 14:15:17
Zuletzt bearbeitet 21.11.2024 05:01:46
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webkitgtk ≫ Webkitgtk Version < 2.28.3

Wpewebkit ≫ Wpe Webkit Version < 2.28.3

Fedoraproject ≫ Fedora Version31

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.10

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.43%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/

https://security.gentoo.org/glsa/202007-11

Third Party Advisory

https://trac.webkit.org/changeset/262368/webkit

Patch

Vendor Advisory

https://usn.ubuntu.com/4422-1/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4724