CVE-2020-16121

Summary

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

Affected Software

VendorProductVersion RangeStatus
PackageKitPackageKit1.1.13-2ubuntu < 1.1.13-2ubuntu1.1affected
PackageKitPackageKit1.1.9-1ubuntu2 < 1.1.9-1ubuntu2.18.04.6affected
PackageKitPackageKit0.8.17-4ubuntu6 < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5affected

Weaknesses

  • CWE-209: CWE-209 Information Exposure Through an Error Message

ADP Enrichment

CVE Program Container

Additional References

References