Vulners
Lucene search
Linux Distros Unpatched Vulnerability : CVE-2021-29429
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | CVE-2021-29429 | 12 Apr 202122:15 | – | alpinelinux |
 | Gradle 安全漏洞 | 12 Apr 202100:00 | – | cnnvd |
 | CVE-2021-29429 | 12 Apr 202121:30 | – | cve |
 | CVE-2021-29429 Information disclosure through temporary directory permissions | 12 Apr 202121:30 | – | cvelist |
 | CVE-2021-29429 | 12 Apr 202121:30 | – | debiancve |
 | EUVD-2021-16060 | 7 Oct 202500:30 | – | euvd |
 | CVE-2021-29429 | 12 Apr 202122:15 | – | nvd |
 | openSUSE Security Advisory (SUSE-SU-2024:1119-1) | 6 Apr 202400:00 | – | openvas |
| SUSE: Security Advisory (SUSE-SU-2024:1119-1) | 7 May 202400:00 | – | openvas |
 | Oracle Critical Patch Update Advisory - January 2025 | 21 Jan 202500:00 | – | oracle |
10
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2021-29429 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(253268);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/28");
script_cve_id("CVE-2021-29429");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2021-29429");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- In Gradle before version 7.0, files created with open permissions in the system temporary directory can
allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local
information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system
temporary directory first. Sensitive information contained in these files can be exposed to other local
users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of
Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By
default, this directory is restricted to the user running the build. As a workaround, set a more
restrictive umask that removes read access to other users. When files are created in the system temporary
directory, they will not be accessible to other users. If you are unable to change your system's umask,
you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path
needs to limit permissions to the build user only. (CVE-2021-29429)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-29429");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29429");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gradle");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14");
exit(0);
}
if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);
include('linux_unpatched.inc');
var distro_constraints_array = {
"Debian Linux-11": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "11",
"pkgs": [
{"reference": "gradle"},
{"reference": "gradle-doc"},
{"reference": "libgradle-core-java"},
{"reference": "libgradle-plugins-java"}
]
}
]
},
"Debian Linux-12": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "12",
"pkgs": [
{"reference": "gradle"},
{"reference": "gradle-doc"},
{"reference": "libgradle-core-java"},
{"reference": "libgradle-plugins-java"}
]
}
]
},
"Debian Linux-13": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "13",
"pkgs": [
{"reference": "gradle"},
{"reference": "gradle-doc"},
{"reference": "libgradle-core-java"},
{"reference": "libgradle-plugins-java"}
]
}
]
},
"Debian Linux-14": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "14",
"pkgs": [
{"reference": "gradle"},
{"reference": "gradle-doc"},
{"reference": "libgradle-core-java"},
{"reference": "libgradle-plugins-java"}
]
}
]
}
};
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : report
);
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Apr 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 21.9
CVSS 3.14 - 5.5
EPSS0.0003