CVE-2019-12439
Published
CVSS v3
N/A
CVSS v2
4.6
MEDIUM
Affected
1
PROJECT
Description
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
GitHub