CVE-2020-16121

PackageKit error messages leak presence and mimetype of files to unprivileged users

CVSS 3.3 LOWEPSS 0.5%CWE-209

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

07 Nov 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

PackageKit · PackageKit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html