A vulnerability in the D-Bus proxy of Flatpak could allow a local attacker to bypass sandbox protections on a targeted system.
The vulnerability exists in the dbus-proxy/flatpak-proxy.c source code file of the affected software. The D-Bus proxy improperly filters access to the D-Bus daemon on an affected system during the authentication phase. An attacker could exploit this vulnerability by executing an application that submits malicious D-Bus messages to the targeted system. A successful exploit could allow the attacker to escape sandbox protections and gain full access to the D-Bus interface on the system.
Flatpak confirmed the vulnerability and released software updates.
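The following added example (not Flatpak's code and not its fix) sketches how a filtering proxy can track the D-Bus authentication phase and fail closed, so that message filtering starts at a well-defined byte offset. D-Bus authentication is a line-based ASCII exchange terminated by CRLF that ends when the client sends BEGIN; the names auth_scan and AUTH_LINE_MAX, the line cap, and the rule that only a bare BEGIN is accepted are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum auth_result { AUTH_NEED_MORE, AUTH_DONE, AUTH_REJECT };
#define AUTH_LINE_MAX 16384 /* assumed cap for this sketch */
/* Client-side commands of the D-Bus authentication protocol. */
static const char *const allowed[] = {
    "AUTH", "CANCEL", "DATA", "ERROR", "NEGOTIATE_UNIX_FD", "BEGIN" };

static int word_allowed(const char *w, size_t n) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strlen(allowed[i]) == n && memcmp(allowed[i], w, n) == 0)
            return 1;
    return 0;
}

/* Scan buffered client bytes (initial NUL byte already consumed). On
 * AUTH_DONE, *auth_end is the first byte to filter as a D-Bus message. */
enum auth_result auth_scan(const char *buf, size_t len, size_t *auth_end) {
    size_t pos = 0;
    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        if (!nl) /* incomplete line: hold it back, forward nothing yet */
            return len - pos > AUTH_LINE_MAX ? AUTH_REJECT : AUTH_NEED_MORE;
        size_t n = (size_t)(nl - line);
        if (n == 0 || n > AUTH_LINE_MAX || nl[-1] != '\r') return AUTH_REJECT;
        n--; /* drop the CR; lines must end in CRLF */
        for (size_t i = 0; i < n; i++) /* printable ASCII or tab only */
            if (line[i] != '\t' && (line[i] < 0x20 || line[i] > 0x7e)) return AUTH_REJECT;
        size_t w = 0; /* length of the command word */
        while (w < n && line[w] != ' ' && line[w] != '\t') w++;
        if (!word_allowed(line, w)) return AUTH_REJECT; /* unknown: fail closed */
        pos += n + 2;
        if (w == 5 && memcmp(line, "BEGIN", 5) == 0) {
            if (n != 5) return AUTH_REJECT; /* sketch policy: bare BEGIN only */
            *auth_end = pos;
            return AUTH_DONE;
        }
    }
    return AUTH_NEED_MORE;
}

int main(void) {
    const char s[] = "AUTH EXTERNAL 31303030\r\nBEGIN\r\nl"; /* constructed */
    size_t end = 0;
    printf("%d %zu\n", (int)auth_scan(s, sizeof s - 1, &end), end);
    return 0;
}
```

A proxy built this way forwards only complete, validated lines while in the authentication phase and routes every byte from the returned offset onward through its message filter.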