CVE-2021-29133

EUVD-2021-15774
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
haserl_projecthaserl
𝑥
< 0.9.36
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
haserl
bionic
not-affected
focal
not-affected
groovy
not-affected
trusty
dne
xenial
not-affected
References
https://github.com/rapid7/metasploit-framework/pull/14833
https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
https://twitter.com/steaIth/status/1364940271054712842
https://github.com/rapid7/metasploit-framework/pull/14833
https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
https://twitter.com/steaIth/status/1364940271054712842