3.3

CVE-2025-5467

Exploit
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
Linked by AI from unstructured data to existing CPEs in the NVD
Data provided by the National Vulnerability Database (NVD)
Canonical Apport Version >= 2.20.1-0ubuntu1 < 2.20.1-0ubuntu2.30
Canonical Apport Version >= 2.20.9-0ubuntu7 < 2.20.9-0ubuntu7.29
Canonical Apport Version >= 2.20.11-0ubuntu27 < 2.20.11-0ubuntu27.28
Canonical Apport Version >= 2.20.11-0ubuntu82 < 2.20.11-0ubuntu82.7
Canonical Apport Version >= 2.28.1-0ubuntu1 < 2.28.1-0ubuntu3.6
Canonical Apport Version >= 2.32.0-0ubuntu1 < 2.32.0-0ubuntu5.1
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.02% | 0.031 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| security@ubuntu.com | 1.9 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-708 Incorrect Ownership Assignment

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.