CVE-2021-3709

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
01/10/2021
Last modified:
27/10/2022

Description

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu1:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu2:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.1:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.2:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.3:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.4:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.5:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.6:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.7:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.8:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.9:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.10:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.11:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.12:*:*:*:*:*:*:*