Vulnerability Description
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | C-Kernel | <= 2019-07-16 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/bugs/1836041ExploitIssue TrackingThird Party Advisory
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480Third Party Advisory
- https://bugs.launchpad.net/bugs/1836041ExploitIssue TrackingThird Party Advisory
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480Third Party Advisory
FAQ
What is CVE-2019-11480?
CVE-2019-11480 is a vulnerability with a CVSS score of 8.4 (HIGH). The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is abl...
How severe is CVE-2019-11480?
CVE-2019-11480 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11480?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical C-Kernel.