An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1…
canonical·CWE-24·Published 2021-10-01
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
Se ha detectado una divulgación de información por medio de un salto de ruta en la función read_file() del archivo apport/hookutils.py. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.7 | 3.4 | 6.9 | AV:L/AC:M/Au:N/C:C/I:N/A:N |
| 3.1 | Primary | cve.org | 6.5 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 6.5 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Primary | NVD | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 6.5 | 2.0 | 4.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |