{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T05:19:07.447","vulnerabilities":[{"cve":{"id":"CVE-2024-32462","sourceIdentifier":"security-advisories@github.com","published":"2024-04-18T18:15:09.313","lastModified":"2025-08-21T00:43:47.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6."},{"lang":"es","value":"Flatpak es un sistema para crear, distribuir y ejecutar aplicaciones de escritorio en espacio aislado en Linux. en versiones anteriores a la 1.10.9, 1.12.9, 1.14.6 y 1.15.8, una aplicación Flatpak maliciosa o comprometida podría ejecutar código arbitrario fuera de su zona de pruebas. Normalmente, el argumento `--command` de `flatpak run` espera recibir un comando para ejecutar en la aplicación Flatpak especificada, opcionalmente junto con algunos argumentos. Sin embargo, es posible pasar argumentos `bwrap` a `--command=`, como `--bind`. Es posible pasar una \"línea de comando\" arbitraria a la interfaz del portal \"org.freedesktop.portal.Background.RequestBackground\" desde una aplicación Flatpak. Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. La solución es pasar el argumento `--` a `bwrap`, lo que hace que deje de procesar las opciones. Esto ha sido compatible desde bubblewrap 0.3.0. Todas las versiones compatibles de Flatpak requieren al menos esa versión de bubblewrap. xdg-desktop-portal versión 1.18.4 mitigará esta vulnerabilidad al permitir que las aplicaciones Flatpak solo creen archivos .desktop para comandos que no comiencen con --. La vulnerabilidad está parcheada en 1.15.8, 1.10.9, 1.12.9 y 1.14.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.9","matchCriteriaId":"E60FCEB3-549B-4F83-8BF1-87B9AB1A4D91"},{"vulnerable":true,"criteria":"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12.0","versionEndExcluding":"1.12.9","matchCriteriaId":"B8FCD122-12F7-46AC-AFBA-45303E6F4761"},{"vulnerable":true,"criteria":"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.14.6","matchCriteriaId":"E1CCDB8B-00D2-4C89-A148-DB50CC4A940A"},{"vulnerable":true,"criteria":"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.8","matchCriteriaId":"AC3F3728-D443-4387-B00E-A559883BBAF3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*","matchCriteriaId":"CA277A6C-83EC-4536-9125-97B84C4FAF59"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/04/18/5","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2024/04/18/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}}]}