CVE-2021-3981
CVSS V2 Low 2.1
CVSS V3 Low 3.3
Description
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
Overview
- CVE ID
- CVE-2021-3981
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2022-03-10T17:43:14
- Last Modified Date
- 2023-02-12T23:43:06
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* | 1 | OR | 2.06 | |
| cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 2.1
- Severity
- LOW
- Exploitability Score
- 3.9
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 3.3
- Base Severity
- LOW
- Exploitability Score
- 1.8
- Impact Score
- 1.4
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:2110 | |
| https://access.redhat.com/security/cve/CVE-2021-3981 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2024170 | Issue Tracking Patch Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/ | |
| https://security.gentoo.org/glsa/202209-12 | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-3981 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3981 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 15:45:55 | Added to TrackCVE | |||
| 2022-12-06 11:43:10 | 2022-03-10T17:43Z | 2022-03-10T17:43:14 | CVE Published Date | updated |
| 2022-12-06 11:43:10 | 2022-10-28T13:22:02 | CVE Modified Date | updated | |
| 2022-12-06 11:43:10 | Analyzed | Vulnerability Status | updated | |
| 2022-12-06 11:43:15 | References | updated | ||
| 2023-02-02 23:13:16 | 2023-02-02T21:21:38 | CVE Modified Date | updated | |
| 2023-02-02 23:13:16 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 23:13:17 | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. | Description | updated |
| 2023-02-02 23:13:19 | References | updated | ||
| 2023-02-13 00:13:57 | 2023-02-12T23:43:06 | CVE Modified Date | updated | |
| 2023-02-13 00:13:58 | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. | Description | updated |