CVE-2020-27349

Severity: 5.5 MEDIUM
EPSS: 0.0% (top 88.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 9
Latest update: May 24

Description

Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: canonical/aptdaemon 1.1.1+bzr982-0ubuntu14 1.1.1+bzr982-0ubuntu14.5 (+3)
Ubuntu: aptdaemon < 1.1.1+bzr982-0ubuntu14.5 (+2)

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 20.10

Vulnerability Details (4)

GHSA: GHSA-qxjq-5hf8-7hff: Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges (2022-05-24)
CVEList: aptdaemon performed policykit permissions checks too late (2020-12-09)
OSV: CVE-2020-27349: Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges (2020-12-08)
OSV: aptdaemon vulnerabilities (2020-12-08)

Vendor Advisories (1)

Ubuntu: Aptdaemon vulnerabilities (2020-12-08)