CVE-2019-8308
NONE EPSS 36.9%
Published Feb 12, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
Threat Intelligence
EPSS Exploit Probability
36.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-668
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| flatpak | flatpak | * | <1.0.7 |
| flatpak | flatpak | * | ≥1.1.0 – ≤1.1.3 |
| flatpak | flatpak | * | ≥1.2.0 – ≤1.2.3 |
| debian | debian_linux | 9.0 | any |
| debian | debian_linux | 10.0 | any |
| redhat | enterprise_linux_desktop | 7.0 | any |
| redhat | enterprise_linux_server | 7.0 | any |
| redhat | enterprise_linux_server_aus | 7.6 | any |
| redhat | enterprise_linux_server_eus | 7.6 | any |
| redhat | enterprise_linux_server_tus | 7.6 | any |
| redhat | enterprise_linux_workstation | 7.0 | any |
References 5
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:0375
- bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
- github.com https://github.com/flatpak/flatpak/releases/tag/1.0.7
- github.com https://github.com/flatpak/flatpak/releases/tag/1.2.3
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.