Snapd Vulnerability: Symbolic Link Attack via snap Extraction
CVE-2024-29069
7.3HIGH
What is CVE-2024-29069?
An identified vulnerability in Snapd versions before 2.62 arises from the improper handling of symbolic links during the extraction process of snap packages. The snap format, which utilizes squashfs file-system images, permits the inclusion of various file types including symbolic links. If an attacker persuades a user to install a malicious snap containing specially crafted symbolic links, it could lead to the unintentional disclosure of sensitive content into directories accessible by all users. This issue poses a significant risk by potentially allowing unprivileged users access to confidential information meant for elevated privileges.
Affected Version(s)
snapd Linux 0 < 2.62