CVE-2018-6560

Impact: Moderate
Public Date: 2018-01-29
CWE: CWE-270
Bugzilla: 1542207: CVE-2018-6560 flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake

It was found that flatpak's D-Bus proxy did not properly filter access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and gain full access to the D-Bus interface.

Find out more about CVE-2018-6560 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 6.5
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity Impact: Low
Availability Impact: Low

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 7 (flatpak) | RHSA-2018:2766 | 2018-09-25

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 8 | flatpak | Not affected