Vulnerability Description
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pi-Hole | Pi-Hole | <= 5.2.4 |
Related Weaknesses (CWE)
References
- https://github.com/pi-hole/pi-hole/security/advisories/GHSA-3597-244c-wrpj (Exploit, Third Party Advisory)
- http://packetstormsecurity.com/files/163715/Pi-Hole-Remove-Commands-Linux-Privil (Exploit, Third Party Advisory, VDB Entry)
- https://www.compass-security.com/fileadmin/Research/Advisories/2021-02_CSNC-2021 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-29449?
CVE-2021-29449 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the refere...
How severe is CVE-2021-29449?
CVE-2021-29449 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-29449?
Check the references section above for vendor advisories and patch information. Affected products include: Pi-Hole Pi-Hole.