CVE-2019-7304

Critical

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as…

canonical·CWE-863·Published 2019-04-23

CVSS

9.8

EPSS

0.61

KEV

Exploits

cve.orgen

202 chars

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

NVDen

202 chars

NVDes

247 chars

El Canonical snapd hasta la versión 2.37.1 realizó incorrectamente la validación del propietario del socket, permitiendo a un atacante ejecutar comandos arbitrarios como root. Este problema afecta a: Canonical snapd versiones anteriores a 2.37.1.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.0	Primary	cve.org	8.8	—	—	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.0	Primary	cve.org	8.8	—	—	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.0	Secondary	NVD	8.8	2.0	6.0	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H