CVE-2020-16128 Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties

2020-12-0903:35:16

CWE-209

canonical

www.cve.org

aptdaemon error messages disclosure

dbus properties

unprivileged users

ghsl-2020-192

ghsl-2020-196

file existence

aptdaemon versions

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

12.6%

JSON

The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.

CNA Affected

[
  {
    "product": "aptdaemon",
    "vendor": "Canonical",
    "versions": [
      {
        "lessThan": "1.1.1+bzr982-0ubuntu14.5",
        "status": "affected",
        "version": "1.1.1+bzr982-0ubuntu14",
        "versionType": "custom"
      },
      {
        "lessThan": "1.1.1+bzr982-0ubuntu19.5",
        "status": "affected",
        "version": "1.1.1+bzr982-0ubuntu19",
        "versionType": "custom"
      },
      {
        "lessThan": "1.1.1+bzr982-0ubuntu32.3",
        "status": "affected",
        "version": "1.1.1+bzr982-0ubuntu32",
        "versionType": "custom"
      },
      {
        "lessThan": "1.1.1+bzr982-0ubuntu34.1",
        "status": "affected",
        "version": "1.1.1+bzr982-0ubuntu34",
        "versionType": "custom"
      }
    ]
  }
]