CVE-2021-32555

CWE-59CWE-616 documents5 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 82.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical ApportCanonical Ubuntu Linux
Timeline
PublishedJun 12
Latest updateMay 24

Description

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:LExploitability: 2.0 | Impact: 4.7

Affected Packages2 packages

CVEListV5canonical/apport2.20.12.20.1-0ubuntu2.30+esm1+5
Ubuntuapport< 2.20.9-0ubuntu7.24+3

Also affects: Ubuntu Linux 18.04, 20.04, 20.10, 21.04, 21.10

🔴Vulnerability Details

3
GHSA
GHSA-f5pc-m8jm-j5w6: It was discovered that read_file() in apport/hookutils2022-05-24
CVEList
apport read_file() function could follow maliciously constructed symbolic links2021-06-12
OSV
CVE-2021-32555: It was discovered that read_file() in apport/hookutils2021-05-25

📋Vendor Advisories

2
Ubuntu
Apport vulnerabilities2021-05-25
Ubuntu
Apport vulnerabilities2021-05-25
CVE-2021-32555 (MEDIUM CVSS 5.5) | It was discovered that read_file() | cvebase.io