CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;
Configurations

Configuration 1 (hide)

cpe:2.3:a:pulseaudio:pulseaudio:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

History

No history.

Information

Published : 2020-05-15 04:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-11931

Mitre link : CVE-2020-11931

CVE.ORG link : CVE-2020-11931


JSON object : View

Products Affected

pulseaudio

  • pulseaudio

canonical

  • ubuntu_linux
CWE
CWE-668

Exposure of Resource to Wrong Sphere

CWE-284

Improper Access Control