Unprivileged User Bypass Vulnerability in snapd's 'snap logs' Command

Unprivileged User Bypass Vulnerability in snapd's 'snap logs' Command

CVE-2017-14178 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.

Learn more about our User Device Pen Test.