CVE-2022-0987Sensitive Information Exposure in Redhat Enterprise Linux

CWE-200Sensitive Information Exposure6 documents6 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 70.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedJun 28
Latest updateJun 29

Description

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages0 packages

Also affects: Enterprise Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-cxr3-mmp5-f58q: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files2022-06-29
OSV
CVE-2022-0987: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files2022-06-28
CVEList
CVE-2022-0987: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files2022-06-28

📋Vendor Advisories

2
Red Hat
PackageKit: Information Disclosure in Transaction Interface via timing2022-03-15
Debian
CVE-2022-0987: packagekit - A flaw was found in PackageKit in the way some of the methods exposed by the Tra...2022
CVE-2022-0987 — Sensitive Information Exposure | cvebase