CVE-2019-11503

Source
https://cve.org/CVERecord?id=CVE-2019-11503
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11503.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11503
Downstream
Published
2019-04-24T21:29:00.820Z
Modified
2026-04-10T04:14:23.444535Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."

References

Affected packages

Git / github.com/snapcore/snapd

Affected ranges

Type
GIT
Repo
https://github.com/snapcore/snapd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.39"
        }
    ]
}

Affected versions

1.*
1.0-0ubuntu1
1.0.1-0ubuntu1
1.1-0ubuntu1
1.1.1-0ubuntu1
1.1.2-0ubuntu1
1.2-0ubuntu1
1.3ubuntu1
1.4ubuntu1
1.5ubuntu1
1.6ubuntu1
1.7.2+20160113ubuntu1
1.7.2+20160204ubuntu1
1.7.2+20160223ubuntu1
1.7.2ubuntu1
1.7.3+20160225ubuntu1
1.7.3+20160303ubuntu1
1.7.3+20160303ubuntu2
1.7.3+20160303ubuntu3
1.7.3+20160303ubuntu4
1.7.3+20160308ubuntu1
1.7.3+20160310ubuntu1
1.7ubuntu1
1.9
1.9.1
1.9.2
1.9.3
1.9.4
2.*
2.0
2.0.10
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.11
2.12
2.13
2.14
2.14.1
2.14.2.16.04
2.15
2.15.2
Other
ppa
untagged-ec50ee5bfb45daefc236

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11503.json"