3.3

CVE-2025-5467

Exploit

Ubuntu Apport Insecure File Permissions Vulnerability

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalApport Version >= 2.20.1-0ubuntu1 < 2.20.1-0ubuntu2.30
CanonicalApport Version >= 2.20.9-0ubuntu7 < 2.20.9-0ubuntu7.29
CanonicalApport Version >= 2.20.11-0ubuntu27 < 2.20.11-0ubuntu27.28
CanonicalApport Version >= 2.20.11-0ubuntu82 < 2.20.11-0ubuntu82.7
CanonicalApport Version >= 2.28.1-0ubuntu1 < 2.28.1-0ubuntu3.6
CanonicalApport Version >= 2.32.0-0ubuntu1 < 2.32.0-0ubuntu5.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.037
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@ubuntu.com 1.9 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-708 Incorrect Ownership Assignment

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.