CVE-2021-3800
glib2: Possible privilege escalation thourgh pkexec and aliases
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Se ha encontrado un fallo en glib versiones anteriores a 2.63.6. Debido a los alias de conjuntos de caracteres aleatorios, pkexec puede filtrar el contenido de los archivos propiedad de usuarios con privilegios a los que no los presentan bajo la condiciĆ³n apropiada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-09-14 CVE Reserved
- 2021-11-10 CVE Published
- 2024-03-15 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-552: Files or Directories Accessible to External Parties
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20221028-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2017/06/23/8 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1938284 | 2021-11-09 | |
| https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995 | 2023-04-25 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-3800 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Glib Search vendor "Gnome" for product "Glib" | < 2.62.5 Search vendor "Gnome" for product "Glib" and version " < 2.62.5" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Glib Search vendor "Gnome" for product "Glib" | >= 2.63.0 < 2.63.6 Search vendor "Gnome" for product "Glib" and version " >= 2.63.0 < 2.63.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||