DEBIAN-CVE-2021-3155
- Source
- https://security-tracker.debian.org/tracker/CVE-2021-3155
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3155.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-3155
- Upstream
- Published
- 2022-02-17T23:15:07Z
- Modified
- 2025-09-30T05:15:00.370543Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
- References
Affected packages
Debian:11 / snapd
Package
- Name
- snapd
- Purl
- pkg:deb/debian/snapd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.49-1
2.49-1+deb11u1
2.49-1+deb11u2
2.51.7-1
2.51.7-2
2.54.1-1
2.54.3-1
2.54.3-1.1
2.57.6-1
2.59.5-1
2.60.2-1
2.61.1-1
2.61.2-1
2.61.2-2
2.62-1
2.62-2
2.62-3
2.62-4
2.62-5
2.63-1
2.63-2
2.63-3
2.63-4
2.65.1-1
2.65.3-1
2.66.1-1
2.66.1-2
2.67-1
2.68.3-2
2.68.3-3
2.71-1
2.71-2
2.71-3
Debian:12 / snapd
Package
- Name
- snapd
- Purl
- pkg:deb/debian/snapd?arch=source
Debian:13 / snapd
Package
- Name
- snapd
- Purl
- pkg:deb/debian/snapd?arch=source
Debian:14 / snapd
Package
- Name
- snapd
- Purl
- pkg:deb/debian/snapd?arch=source