AZL-8937

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-8937.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-8937

Upstream

CVE-2021-3981

Published

2022-03-10T17:43:14Z

Modified

2026-04-01T05:23:36.673640Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

CVE-2021-3981 affecting package grub2 for versions less than 2.06-5

Details

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-3981

Affected packages

Azure Linux:2 / grub2

Package

Name: grub2
Purl: pkg:rpm/azure-linux/grub2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-8937.json"