CVE-2021-29133

Name: CVE-2021-29133
Description: Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
NVD Severity: medium
Forges: GitHub (code, issues), Aports (code, issues)

References

| Type | URI |
|---|---|
| Third Party Advisory | https://twitter.com/steaIth/status/1364940271054712842 |
| Issue Tracking | https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539 |
| Patch | https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70 |
| Exploit | https://github.com/rapid7/metasploit-framework/pull/14833 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:haserl_project:haserl:*:*:*:*:*:*:*:* | haserl | >= None | < 0.9.36 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| haserl | 3.13-main | 0.9.36-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| haserl | 3.12-main | 0.9.36-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| haserl | 3.11-main | 0.9.36-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| haserl | 3.10-main | 0.9.36-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| haserl | 3.14-main | 0.9.36-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |