{"containers":{"cna":{"affected":[{"product":"snapd","vendor":"Canonical Ltd.","versions":[{"lessThanOrEqual":"2.54.2","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"James Troup"}],"descriptions":[{"lang":"en","value":"snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.8,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-276","description":"CWE-276 Incorrect Default Permissions","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-02-17T22:15:16.000Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"tags":["x_refsource_MISC"],"url":"https://ubuntu.com/security/notices/USN-5292-1"},{"tags":["x_refsource_MISC"],"url":"https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85"},{"tags":["x_refsource_MISC"],"url":"https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca"}],"source":{"discovery":"USER"},"title":"snapd created ~/snap with too-wide permissions","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@ubuntu.com","ID":"CVE-2021-3155","STATE":"PUBLIC","TITLE":"snapd created ~/snap with too-wide permissions"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"snapd","version":{"version_data":[{"version_affected":"<=","version_value":"2.54.2"}]}}]},"vendor_name":"Canonical Ltd."}]}},"credit":[{"lang":"eng","value":"James Troup"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.8,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-276 Incorrect Default Permissions"}]}]},"references":{"reference_data":[{"name":"https://ubuntu.com/security/notices/USN-5292-1","refsource":"MISC","url":"https://ubuntu.com/security/notices/USN-5292-1"},{"name":"https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85","refsource":"MISC","url":"https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85"},{"name":"https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca","refsource":"MISC","url":"https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca"}]},"source":{"discovery":"USER"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T16:45:51.372Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ubuntu.com/security/notices/USN-5292-1"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca"}]}]},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2021-3155","datePublished":"2022-02-17T22:15:16.000Z","dateReserved":"2021-01-15T00:00:00.000Z","dateUpdated":"2024-08-03T16:45:51.372Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}