bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
May 29, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 28, 2023
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
References