CVE-2020-16121Information Exposure via Error Message in Packagekit

CWE-209Information Exposure via Error MessageCWE-200Sensitive Information Exposure10 documents8 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 72.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PackagekitCanonical Ubuntu Linux
Timeline
PublishedNov 7
Latest updateMay 24

Description

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5packagekit/packagekit1.1.13-2ubuntu1.1.13-2ubuntu1.1+2

Also affects: Ubuntu Linux 20.04

🔴Vulnerability Details

4
GHSA
GHSA-6g23-6jw5-9vrf: PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user w2022-05-24
OSV
CVE-2020-16121: PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user w2020-11-07
CVEList
PackageKit error messages leak presence and mimetype of files to unprivileged users2020-11-07
OSV
packagekit vulnerabilities2020-09-24

📋Vendor Advisories

3
Ubuntu
PackageKit vulnerabilities2020-09-24
Red Hat
PackageKit: local attacker could use this issue to learn the MIME type of any file on the system2020-09-24
Debian
CVE-2020-16121: packagekit - PackageKit provided detailed error messages to unprivileged callers that exposed...2020

💬Community

2
Bugzilla
CVE-2020-16121 PackageKit: local attacker could use this issue to learn the MIME type of any file on the system [fedora-all]2020-10-02
Bugzilla
CVE-2020-16121 PackageKit: local attacker could use this issue to learn the MIME type of any file on the system2020-10-02
CVE-2020-16121 — Information Exposure via Error Message | cvebase