Vulnerability details: VCID-2e1r-1ef8-qqan
Vulnerability ID VCID-2e1r-1ef8-qqan
Aliases CVE-2017-5180
Summary Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWEs.
Data source Exploit-DB
Date added Dec. 18, 2017
Description Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape
Ransomware campaign use Unknown
Source publication date Jan. 4, 2017
Exploit type local
Platform linux
Source update date Dec. 18, 2017
Source URL http://seclists.org/oss-sec/2017/q1/20
Exploit Prediction Scoring System (EPSS)
Percentile 0.56564
EPSS Score 0.00345
Published At Dec. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-12-19T17:26:03.749733+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 37.0.0