How severe is CVE-2024-29069?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-29069?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2024-29069 - HIGH Severity | CVSS 7.3

Vulnerability Description

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.

Related Vulnerabilities

CVE-2021-0591

HIGH

CVSS:7.3(High)

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of priv...

CWE-6102021

CVE-2022-46869

HIGH

CVSS:7.3(High)

Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.

CWE-6102022

CVE-2024-24760

HIGH

CVSS:7.3(High)

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability...

CWE-6102024

CVE-2021-27183

HIGH

CVSS:7.2(High)

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location...

CWE-6102021

CVE-2021-41244

HIGH

CVSS:7.2(High)

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Gr...

CWE-6102021

CVE-2022-24241

HIGH

CVSS:7.5(High)

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

CWE-6102022