Lucene search

Ubuntu.comUB:CVE-2014-1422

HistoryJul 22, 2020 - 12:00 a.m.

CVE-2014-1422

2020-07-2200:00:00

ubuntu.com

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

In Ubuntu’s trust-store, if a user revokes location access from an
application, the location is still available to the application because the
application will honour incorrect, cached permissions. This is because the
cache was not ordered by creation time by the Select struct in
src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu)
version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version
1.1.0+15.04.20150123~rtm-0ubuntu1.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/location-service/+bug/1387734>

References

launchpad.net/bugs/cve/CVE-2014-1422

nvd.nist.gov/vuln/detail/CVE-2014-1422

security-tracker.debian.org/tracker/CVE-2014-1422

www.cve.org/CVERecord?id=CVE-2014-1422

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for UB:CVE-2014-1422