PT-2021-4107 · Please+1 · Please+1
Matthias Gerstner · Published 2021-03-17 · Updated 2022-07-12 · CVE-2021-31153
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
please versions prior to 0.4
Description
The issue affects the search path function, the --check option, and the -d option of the please utility, each of which can disclose information through its error messages. An attacker can exploit this to learn whether files or directories exist in privileged locations.
Recommendations
For versions prior to 0.4, consider disabling the search path function, the --check option, or the -d option as a temporary workaround until a patch is available. Restrict access to privileged locations to minimize the risk of exploitation.
Information Disclosure
Exposure of Resource to Wrong Sphere
Affected Products
Ubuntu
Please