Vulnerability Details : CVE-2016-1580
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
Products affected by CVE-2016-1580
- cpe:2.3:a:canonical:ubuntu-core-launcher:1.0.27:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1580
- EPSS score: 1.98% (probability of exploitation activity in the next 30 days)
- Percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-1580
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-1580
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1580
- https://bugs.launchpad.net/ubuntu/+source/ubuntu-core-launcher/+bug/1576699
  Bug #1576699 “ubuntu-core-launcher uses incorrect glob, doesn't ...” : Bugs : ubuntu-core-launcher package : Ubuntu
- http://www.ubuntu.com/usn/USN-2956-1
  USN-2956-1: ubuntu-core-launcher vulnerability | Ubuntu security notices (Vendor Advisory)