CVE-2021-3800: Files or Directories Accessible to External Parties

August 23, 2022 (updated April 25, 2023)

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

References

access.redhat.com/security/cve/CVE-2021-3800
bugzilla.redhat.com/show_bug.cgi?id=1938284
gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995
nvd.nist.gov/vuln/detail/CVE-2021-3800
www.openwall.com/lists/oss-security/2017/06/23/8

Code Behaviors & Features

Detect and mitigate CVE-2021-3800 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →