CVE-2020-16121

Published: Nov 7, 2020Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

Affected (2)

Products: Packagekit Project: Packagekit · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Packagekit Project Packagekit	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 20.04

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (4)

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887

Source: security@ubuntu.com

Issue TrackingThird Party Advisory

https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html

Source: security@ubuntu.com

ExploitThird Party Advisory

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.