CVE-2016-1587
Last modified
CVE-2016-1587 is a vulnerability of currently unknown severity. The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system.. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Snapweb | Snapweb | < 0.21.2 |
References
- https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5Patch, Third Party Advisory
- https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-1587?
How severe is CVE-2016-1587?
How do I fix CVE-2016-1587?
Are you affected by CVE-2016-1587?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST