CVE & CISA-KEV Catalog

CVE-2021-21381

HIGHEPSS 72th pctl
7.1
CVSS v3
NVD

Description

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.

How to fix

Remediation Available
flatpakDebian
Fixed in:1.10.1-4CVE-2021-21381
Fixed in:1.10.1-4CVE-2021-21381
Fixed in:1.10.1-4CVE-2021-21381
Fixed in:1.10.1-4CVE-2021-21381
flatpakUbuntu
Fixed in:1.0.9-0ubuntu0.3USN-4951-1
Fixed in:1.6.5-0ubuntu0.3USN-4951-1
libflatpak0Ubuntu
Fixed in:1.0.9-0ubuntu0.3USN-4951-1
Fixed in:1.6.5-0ubuntu0.3USN-4951-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged

Impact

ConfidentialityLow
IntegrityHigh
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Exploit Intelligence

1.55%probability of exploitation in 30 days
72ndpercentile

Elevated risk: more likely to be exploited than 72% of all known CVEs.

References

Related Vulnerabilities

Other CWE-74 (Injection) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2013-2251Critical9.8100%KEVFix
CVE-2023-22527Critical9.8100%KEV + RansomFix
CVE-2019-2725Critical9.8100%KEV + RansomFix
CVE-2022-46169Critical9.8100%KEVFix
CVE-2022-35914Critical9.8100%KEV-
CVE-2019-17558High7.599%KEVFix
Embed a live status badge for CVE-2021-21381
CVE-2021-21381 severity badge

Markdown

[![CVE-2021-21381](https://tridentstack.com/cve/badge/CVE-2021-21381.svg)](https://tridentstack.com/cve/CVE-2021-21381)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-21381"><img src="https://tridentstack.com/cve/badge/CVE-2021-21381.svg" alt="CVE-2021-21381"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.