CVE-2019-8308 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

Published: Feb 13, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8308
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-668

Affected Software
References

Software	From	Fixed in
flatpak / flatpak	-	1.0.7
flatpak / flatpak	1.1.0	1.1.3.x
flatpak / flatpak	1.2.0	1.2.3.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x