{"vulnerability": "CVE-2024-29069", "sightings": [{"uuid": "48f7f282-14f8-4e22-954a-0dba62c2493a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29069", "type": "seen", "source": "https://t.me/cvedetector/1649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29069 - Snapd Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-29069 \nPublished : July 25, 2024, 8:15 p.m. | 28\u00a0minutes ago \nDescription : In snapd versions prior to 2.62, snapd failed to properly check the  \ndestination of symbolic links when extracting a snap. The snap format   \nis a squashfs file-system image and so can contain symbolic links and  \nother file types. Various file entries within the snap squashfs image  \n(such as icons and desktop files etc) are directly read by snapd when  \nit is extracted. An attacker who could convince a user to install a  \nmalicious snap which contained symbolic links at these paths could then   \ncause snapd to write out the contents of the symbolic link destination  \ninto a world-readable directory. This in-turn could allow an unprivileged  \nuser to gain access to privileged information. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T22:46:21.000000Z"}]}