Packagekit
CVE-2020-16121
LOW
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
AnalysisAI
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-209. PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. Affected products include: Packagekit Project Packagekit, Canonical Ubuntu Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Packagekit
View allLocal privilege escalation in PackageKit 1.0.2-1.3.4 allows unprivileged Linux users to install arbitrary RPM packages a
PackageKit's apt backend mistakenly treated all local debs as trusted. Rated high severity (CVSS 7.8), this vulnerabilit
Improper authorization in PackageKit up to 1.3.5 allows a low-privileged authenticated remote attacker to bypass access
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privile
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. Rated
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updat
A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexi
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today