Vulnerability DatabaseCVE-2020-27352
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2020-27352
June 21, 2024
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
Related ResourcesĀ (6)
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27352
https://bugs.launchpad.net/snapd/+bug/1910456
https://security-tracker.debian.org/tracker/CVE-2020-27352
https://github.com/snapcore/snapd/commit/d717c9a50e5bb200dd1e91494acf943a240758a3
https://www.cve.org/CVERecord?id=CVE-2020-27352
https://ubuntu.com/security/notices/USN-4728-1
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.4
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Privilege Management
CWE-269
EPSS
Base Score:
0.19