CVE-2020-16128

CWE-2096 documents5 sources
Severity
3.8LOW
EPSS
0.0%
top 88.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical AptdaemonCanonical Ubuntu Linux
Timeline
PublishedDec 9
Latest updateMay 24

Description

The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages2 packages

CVEListV5canonical/aptdaemon1.1.1+bzr982-0ubuntu141.1.1+bzr982-0ubuntu14.5+3
Ubuntuaptdaemon< 1.1.1+bzr982-0ubuntu14.5+2

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 20.10

Patches

Patch: usn.ubuntu.comPatch: usn.ubuntu.com

🔴Vulnerability Details

4
GHSA
GHSA-hpfw-6cc8-9hhj: The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-1962022-05-24
CVEList
Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties2020-12-09
OSV
aptdaemon vulnerabilities2020-12-08
OSV
CVE-2020-16128: The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-1962020-12-08

📋Vendor Advisories

1
Ubuntu
Aptdaemon vulnerabilities2020-12-08
CVE-2020-16128 (LOW CVSS 3.8) | The aptdaemon DBus interface disclo | cvebase.io