{"id":"ALPINE-CVE-2018-21269","details":"checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.","modified":"2025-11-19T06:18:25.069692Z","published":"2020-10-27T04:15:10.957Z","upstream":["CVE-2018-21269"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2018-21269"}],"affected":[{"package":{"name":"openrc","ecosystem":"Alpine:v3.10","purl":"pkg:apk/alpine/openrc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.41.2-r2"}]}],"versions":["0.10.5-r0","0.10.5-r1","0.10.5-r2","0.10.5-r3","0.10.5-r4","0.10.5-r5","0.10.5-r6","0.10.5-r7","0.10.5-r8","0.10.5-r9","0.11.8-r0","0.11.8-r1","0.11.8-r2","0.12.4-r0","0.12.4-r1","0.12.4-r2","0.12.4-r3","0.12.4-r4","0.12.4-r5","0.12.4-r6","0.12.4-r7","0.12.4-r8","0.14-r0","0.14-r1","0.14-r2","0.14-r3","0.15-r0","0.15-r1","0.15.1-r0","0.15.1-r1","0.15.1-r2","0.16.4-r0","0.17-r0","0.17-r1","0.17-r2","0.17-r3","0.18.3-r0","0.18.3-r1","0.18.3-r2","0.18.3-r3","0.18.3-r4","0.19-r0","0.19-r1","0.19-r2","0.19-r3","0.19-r4","0.20.4-r0","0.20.4-r1","0.20.5-r0","0.20.5-r1","0.21-r0","0.21.2-r0","0.21.2-r1","0.21.2-r2","0.21.3-r0","0.21.3-r1","0.21.3-r2","0.21.3-r3","0.21.3-r4","0.21.3-r5","0.21.7-r0","0.21.7-r1","0.21.7-r2","0.21.7-r3","0.21.7-r4","0.23.2-r0","0.24.1-r0","0.24.1-r1","0.24.1-r2","0.24.1-r3","0.24.1-r4","0.24.1-r5","0.24.1-r6","0.3.0-r0","0.35.5-r0","0.35.5-r1","0.35.5-r2","0.35.5-r3","0.35.5-r4","0.38.3-r0","0.39.2-r0","0.39.2-r1","0.39.2-r2","0.39.2-r3","0.39.2-r4","0.39.2-r5","0.4.2-r0","0.4.3-r0","0.4.3-r3","0.4.3-r4","0.41.2-r0","0.41.2-r1","0.5.0-r0","0.5.0-r1","0.5.0-r10","0.5.0-r11","0.5.0-r12","0.5.0-r13","0.5.0-r2","0.5.0-r3","0.5.0-r4","0.5.0-r5","0.5.0-r6","0.5.0-r7","0.5.0-r8","0.5.0-r9","0.6.0-r0","0.6.0-r1","0.6.1-r0","0.6.1-r1","0.6.1-r2","0.6.1-r3","0.6.1-r4","0.6.1-r5","0.7.0-r0","0.7.0-r1","0.8.0-r0","0.8.0-r1","0.8.2-r0","0.8.2-r1","0.8.2-r2","0.8.3-r0","0.8.3-r1","0.8.3-r2","0.8.3-r3","0.8.3-r4","0.8.3-r5","0.8.3-r6","0.8.3-r7","0.9.7-r0","0.9.8.4-r0","0.9.8.4-r1"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2018-21269.json"}},{"package":{"name":"openrc","ecosystem":"Alpine:v3.11","purl":"pkg:apk/alpine/openrc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.42.1-r3"}]}],"versions":["0.10.5-r0","0.10.5-r1","0.10.5-r2","0.10.5-r3","0.10.5-r4","0.10.5-r5","0.10.5-r6","0.10.5-r7","0.10.5-r8","0.10.5-r9","0.11.8-r0","0.11.8-r1","0.11.8-r2","0.12.4-r0","0.12.4-r1","0.12.4-r2","0.12.4-r3","0.12.4-r4","0.12.4-r5","0.12.4-r6","0.12.4-r7","0.12.4-r8","0.14-r0","0.14-r1","0.14-r2","0.14-r3","0.15-r0","0.15-r1","0.15.1-r0","0.15.1-r1","0.15.1-r2","0.16.4-r0","0.17-r0","0.17-r1","0.17-r2","0.17-r3","0.18.3-r0","0.18.3-r1","0.18.3-r2","0.18.3-r3","0.18.3-r4","0.19-r0","0.19-r1","0.19-r2","0.19-r3","0.19-r4","0.20.4-r0","0.20.4-r1","0.20.5-r0","0.20.5-r1","0.21-r0","0.21.2-r0","0.21.2-r1","0.21.2-r2","0.21.3-r0","0.21.3-r1","0.21.3-r2","0.21.3-r3","0.21.3-r4","0.21.3-r5","0.21.7-r0","0.21.7-r1","0.21.7-r2","0.21.7-r3","0.21.7-r4","0.23.2-r0","0.24.1-r0","0.24.1-r1","0.24.1-r2","0.24.1-r3","0.24.1-r4","0.24.1-r5","0.24.1-r6","0.3.0-r0","0.35.5-r0","0.35.5-r1","0.35.5-r2","0.35.5-r3","0.35.5-r4","0.38.3-r0","0.39.2-r0","0.39.2-r1","0.39.2-r2","0.39.2-r3","0.39.2-r4","0.39.2-r5","0.4.2-r0","0.4.3-r0","0.4.3-r3","0.4.3-r4","0.41.2-r0","0.41.2-r1","0.41.2-r2","0.42.1-r0","0.42.1-r1","0.42.1-r2","0.5.0-r0","0.5.0-r1","0.5.0-r10","0.5.0-r11","0.5.0-r12","0.5.0-r13","0.5.0-r2","0.5.0-r3","0.5.0-r4","0.5.0-r5","0.5.0-r6","0.5.0-r7","0.5.0-r8","0.5.0-r9","0.6.0-r0","0.6.0-r1","0.6.1-r0","0.6.1-r1","0.6.1-r2","0.6.1-r3","0.6.1-r4","0.6.1-r5","0.7.0-r0","0.7.0-r1","0.8.0-r0","0.8.0-r1","0.8.2-r0","0.8.2-r1","0.8.2-r2","0.8.3-r0","0.8.3-r1","0.8.3-r2","0.8.3-r3","0.8.3-r4","0.8.3-r5","0.8.3-r6","0.8.3-r7","0.9.7-r0","0.9.8.4-r0","0.9.8.4-r1"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2018-21269.json"}},{"package":{"name":"openrc","ecosystem":"Alpine:v3.12","purl":"pkg:apk/alpine/openrc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.42.1-r12"}]}],"versions":["0.10.5-r0","0.10.5-r1","0.10.5-r2","0.10.5-r3","0.10.5-r4","0.10.5-r5","0.10.5-r6","0.10.5-r7","0.10.5-r8","0.10.5-r9","0.11.8-r0","0.11.8-r1","0.11.8-r2","0.12.4-r0","0.12.4-r1","0.12.4-r2","0.12.4-r3","0.12.4-r4","0.12.4-r5","0.12.4-r6","0.12.4-r7","0.12.4-r8","0.14-r0","0.14-r1","0.14-r2","0.14-r3","0.15-r0","0.15-r1","0.15.1-r0","0.15.1-r1","0.15.1-r2","0.16.4-r0","0.17-r0","0.17-r1","0.17-r2","0.17-r3","0.18.3-r0","0.18.3-r1","0.18.3-r2","0.18.3-r3","0.18.3-r4","0.19-r0","0.19-r1","0.19-r2","0.19-r3","0.19-r4","0.20.4-r0","0.20.4-r1","0.20.5-r0","0.20.5-r1","0.21-r0","0.21.2-r0","0.21.2-r1","0.21.2-r2","0.21.3-r0","0.21.3-r1","0.21.3-r2","0.21.3-r3","0.21.3-r4","0.21.3-r5","0.21.7-r0","0.21.7-r1","0.21.7-r2","0.21.7-r3","0.21.7-r4","0.23.2-r0","0.24.1-r0","0.24.1-r1","0.24.1-r2","0.24.1-r3","0.24.1-r4","0.24.1-r5","0.24.1-r6","0.3.0-r0","0.35.5-r0","0.35.5-r1","0.35.5-r2","0.35.5-r3","0.35.5-r4","0.38.3-r0","0.39.2-r0","0.39.2-r1","0.39.2-r2","0.39.2-r3","0.39.2-r4","0.39.2-r5","0.4.2-r0","0.4.3-r0","0.4.3-r3","0.4.3-r4","0.41.2-r0","0.41.2-r1","0.41.2-r2","0.42.1-r0","0.42.1-r1","0.42.1-r10","0.42.1-r11","0.42.1-r2","0.42.1-r3","0.42.1-r4","0.42.1-r5","0.42.1-r6","0.42.1-r7","0.42.1-r8","0.42.1-r9","0.5.0-r0","0.5.0-r1","0.5.0-r10","0.5.0-r11","0.5.0-r12","0.5.0-r13","0.5.0-r2","0.5.0-r3","0.5.0-r4","0.5.0-r5","0.5.0-r6","0.5.0-r7","0.5.0-r8","0.5.0-r9","0.6.0-r0","0.6.0-r1","0.6.1-r0","0.6.1-r1","0.6.1-r2","0.6.1-r3","0.6.1-r4","0.6.1-r5","0.7.0-r0","0.7.0-r1","0.8.0-r0","0.8.0-r1","0.8.2-r0","0.8.2-r1","0.8.2-r2","0.8.3-r0","0.8.3-r1","0.8.3-r2","0.8.3-r3","0.8.3-r4","0.8.3-r5","0.8.3-r6","0.8.3-r7","0.9.7-r0","0.9.8.4-r0","0.9.8.4-r1"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2018-21269.json"}},{"package":{"name":"openrc","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/openrc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.42.1-r20"}]}],"versions":["0.10.5-r0","0.10.5-r1","0.10.5-r2","0.10.5-r3","0.10.5-r4","0.10.5-r5","0.10.5-r6","0.10.5-r7","0.10.5-r8","0.10.5-r9","0.11.8-r0","0.11.8-r1","0.11.8-r2","0.12.4-r0","0.12.4-r1","0.12.4-r2","0.12.4-r3","0.12.4-r4","0.12.4-r5","0.12.4-r6","0.12.4-r7","0.12.4-r8","0.14-r0","0.14-r1","0.14-r2","0.14-r3","0.15-r0","0.15-r1","0.15.1-r0","0.15.1-r1","0.15.1-r2","0.16.4-r0","0.17-r0","0.17-r1","0.17-r2","0.17-r3","0.18.3-r0","0.18.3-r1","0.18.3-r2","0.18.3-r3","0.18.3-r4","0.19-r0","0.19-r1","0.19-r2","0.19-r3","0.19-r4","0.20.4-r0","0.20.4-r1","0.20.5-r0","0.20.5-r1","0.21-r0","0.21.2-r0","0.21.2-r1","0.21.2-r2","0.21.3-r0","0.21.3-r1","0.21.3-r2","0.21.3-r3","0.21.3-r4","0.21.3-r5","0.21.7-r0","0.21.7-r1","0.21.7-r2","0.21.7-r3","0.21.7-r4","0.23.2-r0","0.24.1-r0","0.24.1-r1","0.24.1-r2","0.24.1-r3","0.24.1-r4","0.24.1-r5","0.24.1-r6","0.3.0-r0","0.35.5-r0","0.35.5-r1","0.35.5-r2","0.35.5-r3","0.35.5-r4","0.38.3-r0","0.39.2-r0","0.39.2-r1","0.39.2-r2","0.39.2-r3","0.39.2-r4","0.39.2-r5","0.4.2-r0","0.4.3-r0","0.4.3-r3","0.4.3-r4","0.41.2-r0","0.41.2-r1","0.41.2-r2","0.42.1-r0","0.42.1-r1","0.42.1-r10","0.42.1-r11","0.42.1-r12","0.42.1-r13","0.42.1-r14","0.42.1-r15","0.42.1-r16","0.42.1-r17","0.42.1-r18","0.42.1-r19","0.42.1-r2","0.42.1-r3","0.42.1-r4","0.42.1-r5","0.42.1-r6","0.42.1-r7","0.42.1-r8","0.42.1-r9","0.5.0-r0","0.5.0-r1","0.5.0-r10","0.5.0-r11","0.5.0-r12","0.5.0-r13","0.5.0-r2","0.5.0-r3","0.5.0-r4","0.5.0-r5","0.5.0-r6","0.5.0-r7","0.5.0-r8","0.5.0-r9","0.6.0-r0","0.6.0-r1","0.6.1-r0","0.6.1-r1","0.6.1-r2","0.6.1-r3","0.6.1-r4","0.6.1-r5","0.7.0-r0","0.7.0-r1","0.8.0-r0","0.8.0-r1","0.8.2-r0","0.8.2-r1","0.8.2-r2","0.8.3-r0","0.8.3-r1","0.8.3-r2","0.8.3-r3","0.8.3-r4","0.8.3-r5","0.8.3-r6","0.8.3-r7","0.9.7-r0","0.9.8.4-r0","0.9.8.4-r1"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2018-21269.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}