CVE-2019-11503

Published April 24th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."

canonical/snapd

The snapd and snap tools enable systems to work with .snap files.

GitHub

2.03K