CVE-2021-32557 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-32557

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

Published: Jun 12, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32557
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
canonical / apport	2.20.1	2.20.1-0ubuntu2.30\+esm1
canonical / apport	2.20.9	2.20.9-0ubuntu7.24
canonical / apport	2.20.11-0ubuntu27	2.20.11-0ubuntu27.18
canonical / apport	2.14.1-0ubuntu3	2.14.1-0ubuntu3.29\+esm7
canonical / apport	2.20.11-0ubuntu50	2.20.11-0ubuntu50.7
canonical / apport	2.20.11-0ubuntu65	2.20.11-0ubuntu65.1

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904