CVE-2019-8308

NONE EPSS 36.9%
Published Feb 12, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

Threat Intelligence

EPSS Exploit Probability
36.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-668

Affected Products 11

Vendor   Product                        Version  Range
flatpak  flatpak                        *        <1.0.7
flatpak  flatpak                        *        ≥1.1.0 – ≤1.1.3
flatpak  flatpak                        *        ≥1.2.0 – ≤1.2.3
debian   debian_linux                   9.0      any
debian   debian_linux                   10.0     any
redhat   enterprise_linux_desktop       7.0      any
redhat   enterprise_linux_server        7.0      any
redhat   enterprise_linux_server_aus    7.6      any
redhat   enterprise_linux_server_eus    7.6      any
redhat   enterprise_linux_server_tus    7.6      any
redhat   enterprise_linux_workstation   7.0      any

References 5

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:0375
    Third Party Advisory
  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
    Issue Tracking, Mailing List, Third Party Advisory
  • github.com https://github.com/flatpak/flatpak/releases/tag/1.0.7
    Third Party Advisory
  • github.com https://github.com/flatpak/flatpak/releases/tag/1.2.3
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.