PublicDateAtUSN: 2020-12-03 17:00:00
Candidate: CVE-2020-27348
CRD: 2020-12-03 18:16:00
PublicDate: 2020-12-04 03:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27348
 https://github.com/snapcore/snapcraft/pull/3345
 https://ubuntu.com/security/notices/USN-4661-1
Description:
 In some conditions, a snap package built by snapcraft includes the current
 directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code
 execution within the context of another snap if both plug the home
 interface or similar. This issue affects snapcraft versions prior to 4.4.4,
 prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
Ubuntu-Description: 
 It was discovered that snapcraft includes the current directory when
 configuring  LD_LIBRARY_PATH for application commands. If a user were
 tricked into installing a malicious snap or downloading a malicious
 library, under certain circumstances an attacker could exploit this to
 affect strict mode snaps that have access to the library and were
 launched from the directory containing the library.
Notes:
  emitorino> Focal, groovy and hirsute are not required due to deb2snap
Mitigation: 
Bugs: 
 https://bugs.launchpad.net/bugs/1901572
Priority: medium
Discovered-by: itszn
Assigned-to: emitorino
CVSS:
 ubuntu: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L [6.8 MEDIUM]
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L [6.8 MEDIUM]

Patches_snapcraft:
snap_snapcraft: released (4.4.4)
upstream_snapcraft: released (4.4.4)
precise/esm_snapcraft: DNE
trusty_snapcraft: ignored (out of standard support)
trusty/esm_snapcraft: DNE
xenial_snapcraft: released (2.43.1+16.04.1)
bionic_snapcraft: released (2.43.1+18.04.1)
focal_snapcraft: not-affected
groovy_snapcraft: not-affected
devel_snapcraft: not-affected