Skip to main content

Incorrect Default Permissions

CVE-2021-3155

Severity Medium
Score 5.5/10

Summary

snapd 2.54.2 and earlier created "~/snap" directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. This issue was fixed in snapd version 2.54.3.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Advisory Timeline

  • Published