CVE-2024-1724: snapd failed to restrict writes to the $HOME/bin path

July 25, 2024 (updated July 26, 2024)

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the ‘home’ plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.

References

github.com/advisories/GHSA-4mh8-9689-38vr
github.com/snapcore/snapd
github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
github.com/snapcore/snapd/pull/13689
gld.mcphail.uk/posts/explaining-cve-2024-1724
nvd.nist.gov/vuln/detail/CVE-2024-1724

Code Behaviors & Features

Detect and mitigate CVE-2024-1724 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →