>
Canonical

CVE-2022-3328

high
code search

Race condition in snap-confine's must_mkdir_and_open_with_perms()

7.8
cvss high
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss 0.0006
exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.
kev no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1 Common Vulnerability Scoring System v3.1
7.8 / 10
HIGH
exploitability
Attack Vector
Local
Attack Vector (AV:L): requires local access. attacker must have shell access or physical login.
Attack Complexity
High
Attack Complexity (AC:H): exploitation requires specific conditions outside the attacker's control (race condition, non-default config, etc).
Privileges Required
Low
Privileges Required (PR:L): requires basic user-level access.
User Interaction
None
User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.
impact
Scope
Changed
Scope (S:C): exploitation impacts resources beyond the vulnerable component.
Confidentiality
High
Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.
Integrity
High
Integrity (I:H): complete data modification possible. attacker can modify any data.
Availability
High
Availability (A:H): total denial of service. attacker can fully shut down the resource.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
exploit detect attrib advisory media timeline
exploitation detection attribution advisories media timeline
activity density
rdintel assessment
11 threat composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

sign in to view full intelligence

pocs, detection rules, timeline, advisories, and more

sign in create account