CVE-2022-0987
published 2022-06-28CVE-2022-0987: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure…
low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | packagekit | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv3.3LOW
Red Hat
PackageKit: Information Disclosure in Transaction Interface via timing
vendor_redhat·2022-03-15·CVSS 3.3
CVE-2022-0987 [LOW] CWE-200 PackageKit: Information Disclosure in Transaction Interface via timing
PackageKit: Information Disclosure in Transaction Interface via timing
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Package: PackageKit (Red Hat Enterprise Linux 6) - Out of support scope
Package: PackageKit (Red Hat Enterprise Linux 7) - Out of support scope
Package: PackageKit (Red Hat Enterprise Linux 8) - Fix deferred
Packa
Debian
CVE-2022-0987: packagekit - A flaw was found in PackageKit in the way some of the methods exposed by the Tra...
vendor_debian·2022·CVSS 3.3
CVE-2022-0987 [LOW] CVE-2022-0987: packagekit - A flaw was found in PackageKit in the way some of the methods exposed by the Tra...
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-cxr3-mmp5-f58q: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files
ghsa_unreviewed·2022-06-29
CVE-2022-0987 [LOW] GHSA-cxr3-mmp5-f58q: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
OSV
CVE-2022-0987: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files
osv·2022-06-28·CVSS 3.3
CVE-2022-0987 [LOW] CVE-2022-0987: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-28
Published