CVE-2021-3981

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3981

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3981.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3981

Related

Published

2022-03-10T17:43:14Z

Modified

2024-09-18T03:15:52.834918Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

References

Affected packages

Debian:11 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.04-20

2.06-1

2.06-2

2.06-2+hurd.1

2.06-2+hurd.2

2.06-2+hurd.3

2.06-2+hurd.4

2.06-2+hurd.5

2.06-2+hurd.6

2.06-2+hurd.7

2.06-2+hurd.8

2.06-3~deb10u1

2.06-3~deb10u2

2.06-3~deb10u3

2.06-3~deb10u4

2.06-3~deb11u1

2.06-3~deb11u2

2.06-3~deb11u4

2.06-3~deb11u5

2.06-3~deb11u6

2.06-3

2.06-4

2.06-4+hurd.1

2.06-5

2.06-6

2.06-7

2.06-8

2.06-8+hurd.1

2.06-8.1

2.06-9

2.06-10

2.06-11

2.06-12

2.06-13

2.06-13+hurd.1

2.06-13+hurd.2

2.06-14

2.12~rc1-1

2.12~rc1-2

2.12~rc1-3

2.12~rc1-6

2.12~rc1-7

2.12~rc1-8

2.12~rc1-9

2.12~rc1-10

2.12~rc1-11

2.12~rc1-12

2.12~rc1-13

2.12-1~bpo12+1

2.12-1

2.12-1.1

2.12-2~deb13u1

2.12-2

2.12-3

2.12-4

2.12-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}