CVE-2020-16121
Published: 24 September 2020
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
packagekit Launchpad, Ubuntu, Debian |
bionic |
Released
(1.1.9-1ubuntu2.18.04.6)
|
| focal |
Released
(1.1.13-2ubuntu1.1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.8.17-4ubuntu6~gcc5.4ubuntu1.5)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 3.3 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |