CVE-2021-29133

MEDIUM

Alpine Linux Configuration Framework <0.9.36 - Info Disclosure

Title source: llm
STIX 2.1

Description

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.

References (4)

Core 4
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/14833
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
Third Party Advisory x_refsource_misc
https://twitter.com/steaIth/status/1364940271054712842

Scores

CVSS v3 5.5
EPSS 0.0108
EPSS Percentile 61.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
haserl_project/haserl < 0.9.36
Published Mar 24, 2021
Tracked Since Feb 18, 2026