What is CVE-2019-11480?

CVE-2019-11480 is a high-severity vulnerability in Canonical Pc-kernel, classified under CWE-353. CVSS score: 8.4/10. Published 2020-04-14.

How severe is CVE-2019-11480?

High severity. CVSS v3 base score is 8.4 out of 10.

Vulnerability in Canonical Pc-kernel

CVE-2019-11480

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the…

EPSS: 0.004 (62.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Canonical Pc-kernel — versions unspecified

Weakness classification (CWE)

CWE-353

References

cve.mitre.org/cgi-bin/cvename.cgi (x_refsource_MISC)
bugs.launchpad.net/bugs/1836041 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-11480?: CVE-2019-11480 is a high-severity vulnerability in Canonical Pc-kernel, classified under CWE-353. CVSS score: 8.4/10. Published 2020-04-14.
How severe is CVE-2019-11480?: High severity. CVSS v3 base score is 8.4 out of 10.