CVE-2020-11934

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11934
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11934.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-11934
Related
Published
2020-07-29T17:15:12Z
Modified
2024-11-21T04:58:56Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.

References

Affected packages

Debian:11 / snapd

Package

Name
snapd
Purl
pkg:deb/debian/snapd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.45.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / snapd

Package

Name
snapd
Purl
pkg:deb/debian/snapd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.45.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / snapd

Package

Name
snapd
Purl
pkg:deb/debian/snapd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.45.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}