CVE-2021-3710

CWE-24CWE-22Path Traversal6 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 84.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Canonical Apport
Timeline
PublishedOct 1
Latest updateMay 24

Description

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

CVEListV5canonical/apport2.14.12.14.1-0ubuntu3.29+esm8+3
Ubuntuapport< 2.20.9-0ubuntu7.26+3
NVDcanonical/apport170 versions+169

🔴Vulnerability Details

3
GHSA
GHSA-f7hq-m55j-5752: An information disclosure via path traversal was discovered in apport/hookutils2022-05-24
CVEList
Apport info disclosure via path traversal bug in read_file2021-10-01
OSV
CVE-2021-3710: An information disclosure via path traversal was discovered in apport/hookutils2021-09-14

📋Vendor Advisories

2
Ubuntu
Apport vulnerabilities2021-09-14
Ubuntu
Apport vulnerabilities2021-09-14
CVE-2021-3710 (MEDIUM CVSS 5.5) | An information disclosure via path | cvebase.io