Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file()

Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file()

CVE-2021-32554 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

Learn more about our User Device Pen Test.