NVD

Id
87338  
Name
CVE-2017-9780  
Description
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the system helper component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2017-06-21  
Modified Date
2017-07-03  
Seq
2017-9780  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
68778 JVNDB-2017-005035 Flatpak における認可・権限・アクセス制御に関する脆弱性 Flatpak には、認可・権限・アクセス制御に関する脆弱性が存在します。 CVE-2017-9780 0 CVE-2017-9780 87338 7.2 7.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-005035.html 2017-06-22 2017-07-13 View