Vulnerability CVE-2019-11480


Published: 2020-04-14

Description:
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16

Type:

CWE-345

(Insufficient Verification of Data Authenticity)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Canonical -> C-kernel 

 References:
https://bugs.launchpad.net/bugs/1836041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480

Copyright 2024, cxsecurity.com

 

Back to Top