CVE-2021-29133
MEDIUMAlpine Linux Configuration Framework <0.9.36 - Info Disclosure
Title source: llmDescription
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
References (4)
Core 4
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/14833
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
Third Party Advisory x_refsource_misc
https://twitter.com/steaIth/status/1364940271054712842
Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70
Scores
CVSS v3
5.5
EPSS
0.0108
EPSS Percentile
61.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
haserl_project/haserl
< 0.9.36
Published
Mar 24, 2021
Tracked Since
Feb 18, 2026