Home > Vulnerability Database > CVE-2024-5138

Mend.io Vulnerability Database

CVE-2024-5138

Date: May 31, 2024

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.

Language: Go

Severity Score

8.1

Related Resources (11)

Url: https://www.cve.org/CVERecord?id=CVE-2024-5138

Url: https://github.com/canonical/snapd

Url: https://security-tracker.debian.org/tracker/CVE-2024-5138

Url: https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14

Url: https://bugs.launchpad.net/snapd/+bug/2065077

Url: https://ubuntu.com/security/CVE-2024-5138

Url: https://github.com/canonical/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14

Url: https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46

Url: https://github.com/canonical/snapd/security/advisories/GHSA-p9v8-q5m4-pf46

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-5138

Url: https://www.mend.io/vulnerability-database/CVE-2024-5138

Severity Score

8.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-5138

Date: May 31, 2024

Language: Go

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?