CVE-2024-1724:
snapd failed to restrict writes to the $HOME/bin path

CVSS Score (v3.1): 6.3

Basic Information

EPSS Score: 0.00441%
Published: 7/25/2024
Updated: 8/7/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Package Name: github.com/snapcore/snapd
Ecosystem: go
Vulnerable Versions: < 2.62
First Patched Version: 2.62

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from incomplete AppArmor rule generation in the home interface implementation. The patch adds a specific denial for the $HOME/bin directory node in home.go, indicating that the original code lacked this critical restriction. While the diff names no single function, the rule-generation logic in home.go (the AppArmor profile template literals and the code that processes them) is the vulnerable code path. The test modifications in home_test.go confirm this was the location of the missing security control.

WAF Protection Rules

WAF Rule

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could
