CVE-2019-11480
HIGH
c-kernel < 2019-07-16 - Unauthenticated Package Installation via Hardcoded Insecure APT Options
Title source: llm
Description
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/bugs/1836041
Scores
CVSS v3
8.4
EPSS
0.0043
EPSS Percentile
62.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-353
CWE-345
Status
published
Products (1)
canonical/c-kernel
< 2019-07-16
Published
Apr 14, 2020
Tracked Since
Feb 18, 2026