CVE-2022-0987

Published: Jun 28, 2022Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.

Affected (2)

Products: Packagekit Project: Packagekit · Redhat: Enterprise Linux

Packagekit Project

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Packagekit Project Packagekit	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 9.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=2064315

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2064315

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.