apport process_report() arbitrary file write
CVE-2021-32557
5.2MEDIUM
Summary
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
Affected Version(s)
apport 2.20.1 < 2.20.1-0ubuntu2.30+esm1
apport 2.20.9 < 2.20.9-0ubuntu7.24
apport 2.20.11-0ubuntu27 < 2.20.11-0ubuntu27.18
References
CVSS V3.1
Score:
5.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
[email protected] (@fktio)