6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.5%
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.