CVE-2017-14178

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-14178
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14178.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-14178
Downstream
Published
2018-02-02T14:29:00.340Z
Modified
2026-04-10T03:57:08.904952Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.

References

Affected packages

Git / github.com/canonical/snapd

Affected ranges

Type
GIT
Repo
https://github.com/canonical/snapd
Events
Introduced
738a7f40e81151c38bc19afe838c3cfa74e5c6fa
Last affected
3e15c2872a6e3d0ed692865de337ec44e0308f04
Database specific 
{
    "versions": [
        {
            "introduced": "2.27"
        },
        {
            "last_affected": "2.29.2"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14178.json"