Description

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.

INFO

Published Date :

2024-05-31T21:02:19.979Z

Last Modified :

2024-09-06T19:48:49.508Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5138 vulnerability.

Vendors Products
Canonical
  • Snapd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5138.

URL Resource
https://bugs.launchpad.net/snapd/+bug/2065077 cve-icon cve-icon cve-icon
https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 cve-icon cve-icon cve-icon
https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-5138 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact