FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-29069

Externally Controlled Reference to a Resource in Another Sphere (CWE-610)

Published: Jul 25, 2024 / Updated: 3mo ago

010
CVSS 7.3EPSS 0.04%High
CVE info copied to clipboard

Summary

In snapd versions prior to 2.62, there is a vulnerability where snapd fails to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image that can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files) are directly read by snapd when it is extracted. This vulnerability could allow an attacker to exploit the improper handling of symbolic links.

Impact

An attacker who could convince a user to install a malicious snap containing symbolic links at specific paths could cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This could allow an unprivileged user to gain access to privileged information. The vulnerability has low impact on confidentiality, integrity, and availability. The CVSS v3.1 base score for this vulnerability is 4.8, which is considered medium severity. The attack vector is local, requires low attack complexity, low privileges, and user interaction.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. The vulnerability is fixed in snapd version 2.62 and later.

Mitigation

Update snapd to version 2.62 or later. Until the update can be applied, be cautious when installing snaps from untrusted sources. Educate users about the risks of installing snaps from unknown or untrusted sources. Consider implementing additional access controls or monitoring for suspicious activities related to snap installations.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-29069

Jul 25, 2024 at 8:15 PM
CVSS

A CVSS base score of 4.8 has been assigned.

Jul 25, 2024 at 8:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-29069. See article

Jul 25, 2024 at 8:22 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 25, 2024 at 8:22 PM
Trending

This CVE started to trend in security discussions

Jul 25, 2024 at 11:59 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.4%)

Jul 26, 2024 at 9:49 AM
Trending

This CVE stopped trending in security discussions

Jul 26, 2024 at 1:10 PM
Threat Intelligence Report

The vulnerability CVE-2024-29069 in snapd versions prior to 2.62 allows an attacker to write out the contents of symbolic link destinations into a world-readable directory, potentially granting access to privileged information. This critical vulnerability has a CVSS score of 4.8 and could be exploited by convincing a user to install a malicious snap. Mitigations include updating to snapd version 2.62 or later to patch the issue. See article

Jul 29, 2024 at 10:01 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (204952)

Aug 1, 2024 at 7:15 PM
Static CVE Timeline Graph

Affected Systems

Canonical/snapd
+null more

Patches

Github Advisory
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-219: XML Routing Detour Attacks
+null more

Vendor Advisory

[GHSA-69p6-gp5x-j269] snapd failed to properly check the destination of symbolic links when extracting a snap
GitHub Advisory Database / 3mo
The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted.

References

US-CERT Vulnerability Summary for the Week of July 22, 2024
RedPacket Security / 3mo
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5. Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS.This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5.

News

cveNotify : 🚨 CVE-2024-29069In snapd versions prior to 2.62, snapd failed to properly check thedestination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links andother file types. Various file entries within the snap squashfs image(such as icons and desktop files etc) are directly read by snapd whenit is extracted. An attacker who could convince a user to install amalicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destinationinto a world-readable directory. This in-turn could allow an unprivilegeduser to gain access to privileged information.🎖@cveNotify
CTI Feeds - Cybercrime on Telegram / 2mo
cveNotify : 🚨 CVE-2024-29069In snapd versions prior to 2.62, snapd failed to properly check thedestination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links andother file types. Various file entries within the snap squashfs image(such as icons and desktop files etc) are directly read by snapd whenit is extracted. An attacker who could convince a user to install amalicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destinationinto a world-readable directory. This in-turn could allow an unprivilegeduser to gain access to privileged information.🎖@cveNotify
IT Bible - CISA Bulletins - Vulnerability Summary for the Week of July 22, 2024
3mo
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS.This issue affects WP Post Author: from n/a through 3.6.7.​ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor - Blog Layouts for Elementor allows Stored XSS.This issue affects Blogmentor - Blog Layouts for Elementor: from n/a through 1.5.​
Security: Mehrere Probleme in snapd (Ubuntu)
Pro-Linux / 3mo
attacker who could convince a user to install a malicious snap could use this Zeyad Gouda discovered that snapd failed to properly check the file type when
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : snapd vulnerabilities (USN-6940-1)
Newest Plugins from Tenable / 3mo
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6940-1 advisory. Zeyad Gouda discovered that snapd failed to properly check the destination of symbolic links when extracting a snap.
Linux Kernel, Python, SnapD updates for Ubuntu
Linux Compatible / 3mo
A privileged local attacker could use this to cause a denial of service. The following security updates have been released for Ubuntu Linux:
See 16 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 7.3(51562)CWE-610(178)CWE-59(1181)Canonical(4150)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial