Vulnerability Details : CVE-2020-27352
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
Exploit prediction scoring system (EPSS) score for CVE-2020-27352
- 0.04%: probability of exploitation activity in the next 30 days
- ~12%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-27352
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.5 | 6.0 | Canonical Ltd. | 2024-06-21 |
CWE ids for CVE-2020-27352
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2020-27352
- https://ubuntu.com/security/notices/USN-4728-1
  USN-4728-1: snapd vulnerability | Ubuntu security notices | Ubuntu
- https://bugs.launchpad.net/snapd/+bug/1910456
  Bug #1910456 “container management snaps should have Delegate=tr...” : Bugs : snapd
- https://www.cve.org/CVERecord?id=CVE-2020-27352
  CVE Record | CVE