First Last Prev Next    This bug is not in your last search results.
Bug 1191219 - (CVE-2021-3710) VUL-1: CVE-2021-3710: apport,apport-crashdb-sle: An information disclosure via path traversal was discovered in apport/hookutils.py function read_file()
(CVE-2021-3710)
VUL-1: CVE-2021-3710: apport,apport-crashdb-sle: An information disclosure vi...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Minor
: ---
Assigned To: Matej Cepl
Security Team bot
https://smash.suse.de/issue/311482/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-10-01 10:35 UTC by Gabriele Sonnu
Modified: 2021-10-01 10:35 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gabriele Sonnu 2021-10-01 10:35:05 UTC 
An information disclosure via path traversal was discovered in
apport/hookutils.py function read_file(). This issue affects: apport 2.14.1
versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to
2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11
versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to
2.20.11-0ubuntu65.3;

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710
https://ubuntu.com/security/notices/USN-5077-1
https://ubuntu.com/security/notices/USN-5077-2
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832
Comment 1 Gabriele Sonnu 2021-10-01 10:35:22 UTC 
None of our packages is affected.
First Last Prev Next    This bug is not in your last search results.