CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
haserl_projecthaserl
𝑥
< 0.9.36
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
haserl
groovy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
References
https://github.com/rapid7/metasploit-framework/pull/14833
https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
https://twitter.com/steaIth/status/1364940271054712842
https://github.com/rapid7/metasploit-framework/pull/14833
https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
https://twitter.com/steaIth/status/1364940271054712842