QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3710

Published: Oct 1, 2021

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;

Vendor	Product	Versions
Canonical	apport	affected `2.14.1 - < 2.14.1-0ubuntu3.29+esm8` affected `2.20.1 - < 2.20.1-0ubuntu2.30+esm2` affected `2.20.9 - < 2.20.9-0ubuntu7.26` affected `2.20.11 - < 2.20.11-0ubuntu27.20`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://ubuntu.com/security/notices/USN-5077-1

x_refsource_MISC

https://ubuntu.com/security/notices/USN-5077-2

x_refsource_MISC

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710

x_refsource_MISC

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.