CVE-2020-16121
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PackageKit | PackageKit | 1.1.13-2ubuntu < 1.1.13-2ubuntu1.1 | affected |
| PackageKit | PackageKit | 1.1.9-1ubuntu2 < 1.1.9-1ubuntu2.18.04.6 | affected |
| PackageKit | PackageKit | 0.8.17-4ubuntu6 < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 | affected |
Weaknesses
- CWE-209: CWE-209 Information Exposure Through an Error Message
ADP Enrichment
CVE Program Container
Additional References
- https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html
- https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
References
- https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html
- https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.