CVE-2019-12439
Summary
| CVE | CVE-2019-12439 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2019-05-29 15:29:00 UTC |
|---|
| Updated | 2020-06-15 18:15:00 UTC |
|---|
| Description | bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Release 0.3.3 · containers/bubblewrap · GitHub |
MISC |
github.com |
Release Notes, Third Party Advisory |
| Bubblewrap: Arbitrary code execution (GLSA 202006-18) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Don't create our own temporary mount point for pivot_root · containers/bubblewrap@efc89e3 · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| potentially insecure use of /tmp · Issue #304 · containers/bubblewrap · GitHub |
MISC |
github.com |
Third Party Advisory |
| [security-announce] openSUSE-SU-2019:1535-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| [security-announce] openSUSE-SU-2019:1721-1: important: Security update |
SUSE |
lists.opensuse.org |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| 1695963 – (CVE-2019-12439) CVE-2019-12439 bubblewrap: temporary directory misuse as mount point |
MISC |
bugzilla.redhat.com |
Issue Tracking, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 900094 CBL-Mariner Linux Security Update for bubblewrap 0.3.0
- 902856 Common Base Linux Mariner (CBL-Mariner) Security Update for bubblewrap (1815)
