CVE-2021-29449

Published: Apr 14, 2021Modified: Apr 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

Affected (1)

Products: Pi Hole: Pi Hole

Pi Hole

1 product

Pi Hole

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pi Hole Pi Hole	Up to 5.2.4

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (5)

https://github.com/pi-hole/pi-hole/security/advisories/GHSA-3597-244c-wrpj

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/pi-hole/pi-hole/security/advisories/GHSA-3597-244c-wrpj

Source: security-advisories@github.com

ExploitThird Party Advisory

http://packetstormsecurity.com/files/163715/Pi-Hole-Remove-Commands-Linux-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/pi-hole/pi-hole/security/advisories/GHSA-3597-244c-wrpj

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.compass-security.com/fileadmin/Research/Advisories/2021-02_CSNC-2021-008_Pi-hole_Privilege_Escalation.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.