CVE Vulnerabilities

CVE-2017-10600

Session Fixation

Published: Jul 11, 2017 | Modified: Oct 03, 2019
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.

Weakness

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Affected Software

Name Vendor Start Version End Version
Ubuntu-image Canonical 1.0 1.0

Extended Description

Such a scenario is commonly observed when:

Potential Mitigations

References