{"id":"USN-6851-1","summary":"netplan.io vulnerabilities","details":"Andreas Hasenack discovered that netplan incorrectly handled the permissions\nfor netdev files containing wireguard configuration. An attacker could use this to obtain\nwireguard secret keys.\n\nIt was discovered that netplan configuration could be manipulated into injecting\narbitrary commands while setting up network interfaces. An attacker could\nuse this to execute arbitrary commands or escalate privileges.\n","modified":"2026-04-27T17:17:36.255148Z","published":"2024-06-26T13:45:31Z","related":["UBUNTU-CVE-2022-4968"],"upstream":["CVE-2022-4968","UBUNTU-CVE-2022-4968"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6851-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4968"},{"type":"REPORT","url":"https://launchpad.net/bugs/1987842"},{"type":"REPORT","url":"https://launchpad.net/bugs/2065738"},{"type":"REPORT","url":"https://launchpad.net/bugs/2066258"}],"affected":[{"package":{"name":"netplan.io","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netplan.io@0.104-0ubuntu2~20.04.5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.104-0ubuntu2~20.04.5"}]}],"versions":["0.98-0ubuntu1","0.98-0ubuntu2","0.98-0ubuntu3","0.98-0ubuntu4","0.99-0ubuntu1","0.99-0ubuntu2","0.99-0ubuntu3~20.04.1","0.99-0ubuntu3~20.04.2","0.100-0ubuntu4~20.04.2","0.100-0ubuntu4~20.04.3","0.101-0ubuntu3~20.04.2","0.102-0ubuntu1~20.04.1","0.102-0ubuntu1~20.04.2","0.103-0ubuntu5~20.04.1","0.103-0ubuntu5~20.04.2","0.103-0ubuntu5~20.04.3","0.103-0ubuntu5~20.04.5","0.103-0ubuntu5~20.04.6","0.104-0ubuntu2~20.04.1","0.104-0ubuntu2~20.04.2","0.104-0ubuntu2~20.04.4"],"ecosystem_specific":{"binaries":[{"binary_version":"0.104-0ubuntu2~20.04.5","binary_name":"libnetplan0"},{"binary_version":"0.104-0ubuntu2~20.04.5","binary_name":"netplan.io"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6851-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2022-4968","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"netplan.io","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netplan.io@0.106.1-7ubuntu0.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.106.1-7ubuntu0.22.04.3"}]}],"versions":["0.103-0ubuntu7","0.103-0ubuntu8","0.103-0ubuntu9","0.103-0ubuntu10","0.104-0ubuntu1","0.104-0ubuntu2","0.104-0ubuntu2.1","0.105-0ubuntu2~22.04.1","0.105-0ubuntu2~22.04.3","0.106.1-7ubuntu0.22.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.106.1-7ubuntu0.22.04.3","binary_name":"libnetplan0"},{"binary_version":"0.106.1-7ubuntu0.22.04.3","binary_name":"netplan.io"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6851-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2022-4968","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"netplan.io","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/netplan.io@1.0-2ubuntu1.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-2ubuntu1.1"}]}],"versions":["0.107-5","0.107-5ubuntu1","0.107-5ubuntu2","0.107.1-3","1.0-1","1.0-2","1.0-2build1","1.0-2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.0-2ubuntu1.1","binary_name":"libnetplan1"},{"binary_version":"1.0-2ubuntu1.1","binary_name":"netplan-generator"},{"binary_version":"1.0-2ubuntu1.1","binary_name":"netplan.io"},{"binary_version":"1.0-2ubuntu1.1","binary_name":"python3-netplan"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6851-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2022-4968","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}