✅ Achievement unlocked - Got a minor credit in a CVE.

mcphail wrote:

"I recently found a bug in Snap, a package manager for Ubuntu and other Linux distributions, which allows the snap to escape the sandbox and run arbitrary code (as the user) if the home permission is set. This exploit could be run on a vanilla install of Ubuntu and was patched in commit aa191f9 on 13th March 2024."

gld.mcphail.uk/posts/explainin…

cve.mitre.org/cgi-bin/cvename.…

#cve #snapcraft #linux