-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/snapcore/snapd | go | < 2.57.6 | 2.57.6 |
Miggo AIRoot Cause AnalysisThe vulnerability was explicitly tied to this function in CVE description and advisory. The patch completely removes this function and replaces its functionality with a secure systemd-tmpfiles-based approach. The function's logic (visible in diff) shows unsafe directory permission validation followed by rename operations that could be raced by unprivileged users, consistent with CWE-362 race condition patterns. High confidence comes from direct mention in vulnerability reports, removal in patch, and clear race condition pattern in code structure.