Vulnerability Description
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Snapd | < 2.54.3 |
| Canonical | Ubuntu Linux | 18.04 |
Related Weaknesses (CWE)
References
- https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc8PatchThird Party Advisory
- https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dccPatchThird Party Advisory
- https://ubuntu.com/security/notices/USN-5292-1PatchVendor Advisory
- https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc8PatchThird Party Advisory
- https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dccPatchThird Party Advisory
- https://ubuntu.com/security/notices/USN-5292-1PatchVendor Advisory
FAQ
What is CVE-2021-3155?
CVE-2021-3155 is a vulnerability with a CVSS score of 3.8 (LOW). snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been priv...
How severe is CVE-2021-3155?
CVE-2021-3155 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3155?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Snapd, Canonical Ubuntu Linux.