CVE - CVE-2024-5138

CVE-ID
CVE-2024-5138	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://bugs.launchpad.net/snapd/+bug/2065077 URL:https://bugs.launchpad.net/snapd/+bug/2065077 MISC:https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 URL:https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14 MISC:https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46 URL:https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46 MISC:https://www.cve.org/CVERecord?id=CVE-2024-5138 URL:https://www.cve.org/CVERecord?id=CVE-2024-5138
Assigning CNA
Canonical Ltd.
Date Record Created
20240519	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240519)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)