CVE-2024-1724

CVSS V2 None CVSS V3 None

Description

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.

Overview

CVE ID
CVE-2024-1724

Assigner
canonical

Vulnerability Status
PUBLISHED

Published Version
2024-07-25T19:05:23.299Z

Last Modified Date
2024-07-25T19:28:23.939Z

Weakness Enumerations

CWE	URL
CWE-732	http://cwe.mitre.org/data/definitions/732.html

References

Reference URL	Reference Tags
https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
https://gld.mcphail.uk/posts/explaining-cve-2024-1724/
https://github.com/snapcore/snapd/pull/13689

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-1724
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1724

History

Created	Old Value	New Value	Data Type	Notes
2024-07-26 13:06:33				Added to TrackCVE