PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 | Issue Tracking Third Party Advisory |
https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html | Exploit Third Party Advisory |
Information
Published : 2020-11-06 20:15
Updated : 2020-11-18 06:30
NVD link : CVE-2020-16121
Mitre link : CVE-2020-16121
JSON object : View
CWE
CWE-209
Generation of Error Message Containing Sensitive Information
Products Affected
packagekit_project
- packagekit
canonical
- ubuntu_linux