Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-32549
HistoryMay 25, 2021 - 12:00 a.m.

CVE-2021-32549

2021-05-2500:00:00
ubuntu.com
ubuntu.com
12
cve-2021-32549
openjdk-13
symbolic links
fifos
local users
apport hooks
data exposure
ubuntu
launchpad
bug

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

EPSS

0

Percentile

5.1%

JSON

It was discovered that read_file() in apport/hookutils.py would follow
symbolic links or open FIFOs. When this function is used by the openjdk-13
package apport hooks, it could expose private data to other local users.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchapport< 2.20.9-0ubuntu7.24UNKNOWN
ubuntu20.04noarchapport< 2.20.11-0ubuntu27.18UNKNOWN
ubuntu20.10noarchapport< 2.20.11-0ubuntu50.7UNKNOWN
ubuntu21.04noarchapport< 2.20.11-0ubuntu65.1UNKNOWN
ubuntu21.10noarchapport< 2.20.11-0ubuntu67UNKNOWN
ubuntu22.04noarchapport< 2.20.11-0ubuntu67UNKNOWN
ubuntu14.04noarchapport< 2.14.1-0ubuntu3.29+esm7UNKNOWN
ubuntu16.04noarchapport< 2.20.1-0ubuntu2.30+esm1UNKNOWN

Related

prion 1
cve 1
nvd 1
veracode 1
cvelist 1
ubuntu 2
osv 2
nessus 2
openvas 2
prion
prion
Open redirect
2021-06-12 04:15:00
cve
cve
CVE-2021-32549
2021-06-12 04:15:11
nvd
nvd
CVE-2021-32549
2021-06-12 04:15:11
veracode
veracode
Denial Of Service (DoS)
2021-06-06 10:38:22
cvelist
cvelist
CVE-2021-32549 apport read_file() function could follow maliciously constructed symbolic links
2021-06-12 03:40:37
ubuntu
ubuntu
Apport vulnerabilities
2021-05-25 00:00:00
Apport vulnerabilities
2021-05-25 00:00:00
osv
osv
apport vulnerabilities
2021-05-25 16:52:36
apport vulnerabilities
2021-05-25 18:20:14
nessus
nessus
Ubuntu 16.04 ESM : Apport vulnerabilities (USN-4965-2)
2021-05-25 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Apport vulnerabilities (USN-4965-1)
2021-05-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4965-1)
2021-05-26 00:00:00
Ubuntu: Security Advisory (USN-4965-2)
2022-08-26 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

EPSS

0

Percentile

5.1%

JSON
Related for UB:CVE-2021-32549
prion1cve1nvd1veracode1cvelist1ubuntu2osv2nessus2openvas2