Vulnerability CVE-2019-8308

Vulnerability Name:

CVE-2019-8308 (CCN-156996)

Assigned:

2019-02-11

Published:

2019-02-11

Updated:

2020-08-24

Summary:

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

CVSS v3 Severity:

8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.7 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-668
CWE-672

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2019-8308

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:2038

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0375

Source: CCN
Type: Debian Bug report logs - #922059
flatpak: CVE-2019-8308: vulnerability similar to runc CVE-2019-5736 involving /proc/self/exe

Source: MISC
Type: Issue Tracking, Mailing List, Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059

Source: XF
Type: UNKNOWN
flatpak-cve20198308-sec-bypass(156996)

Source: CCN
Type: flatpak GIT Repository
flatpak

Source: MISC
Type: Third Party Advisory
https://github.com/flatpak/flatpak/releases/tag/1.0.7

Source: MISC
Type: Third Party Advisory
https://github.com/flatpak/flatpak/releases/tag/1.2.3

Vulnerable Configuration:

Configuration 1:

cpe:/a:flatpak:flatpak:*:*:*:*:*:*:*:* (Version < 1.0.7)

OR cpe:/a:flatpak:flatpak:*:*:*:*:*:*:*:* (Version >= 1.1.0 and <= 1.1.3)

OR cpe:/a:flatpak:flatpak:*:*:*:*:*:*:*:* (Version >= 1.2.0 and <= 1.2.3)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:flatpak:flatpak:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:flatpak:flatpak:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:flatpak:flatpak:1.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20198308	V	CVE-2019-8308	2022-05-20
oval:org.opensuse.security:def:2032	P	apache2-mod_wsgi-4.5.18-2.27 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2040	P	python3-aiohttp-3.4.4-3.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2012	P	postgresql12-12.6-8.16.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2034	P	cloud-init-20.2-8.45.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:48869	P	libraw9-0.15.4-3.88 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48529	P	libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48530	P	libopenssl-devel-1.0.2j-55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48671	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2014	P	kernel-default-livepatch-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48546	P	libruby2_1-2_1-2.1.2-12.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:51152	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:51090	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:2057	P	davfs2-1.5.4-1.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2067	P	libapr-util1-dbd-mysql-1.6.1-2.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2018	P	apache2-mod_wsgi-4.5.18-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2069	P	libecpg6-10.3-2.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2062	P	gnuplot-5.2.2-1.109 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49010	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2023	P	aws-cli-1.18.38-8.8.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2717	P	Security update for flatpak (Moderate)	2020-12-02
oval:org.opensuse.security:def:2707	P	Security update for bubblewrap (Important)	2020-12-02
oval:org.opensuse.security:def:49104	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49489	P	sane-backends on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49645	P	libIlmImf-2_2-23 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49814	P	ant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49710	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49258	P	libwebp7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49578	P	libsrtp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49741	P	kernel-docs on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20190375	P	RHSA-2019:0375: flatpak security update (Important)	2019-02-19
oval:com.ubuntu.bionic:def:201983080000000	V	CVE-2019-8308 on Ubuntu 18.04 LTS (bionic) - medium.	2019-02-12
oval:com.ubuntu.bionic:def:20198308000	V	CVE-2019-8308 on Ubuntu 18.04 LTS (bionic) - medium.	2019-02-12
oval:com.ubuntu.cosmic:def:20198308000	V	CVE-2019-8308 on Ubuntu 18.10 (cosmic) - medium.	2019-02-12
oval:com.ubuntu.cosmic:def:201983080000000	V	CVE-2019-8308 on Ubuntu 18.10 (cosmic) - medium.	2019-02-12

BACK