CVE-2021-3155

Summary

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.snapdunspecified <= 2.54.2affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References