CVE-2020-16128

2020-12-0800:00:00

ubuntu.com

aptdaemon

dbus

file existence disclosure

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

The aptdaemon DBus interface disclosed file existence disclosure by setting
Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196.
This affected versions prior to 1.1.1+bzr982-0ubuntu34.1,
1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5,
1.1.1+bzr982-0ubuntu14.5.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchaptdaemon< 1.1.1+bzr982-0ubuntu19.5UNKNOWN
ubuntu20.04noarchaptdaemon< 1.1.1+bzr982-0ubuntu32.3UNKNOWN
ubuntu20.10noarchaptdaemon< 1.1.1+bzr982-0ubuntu34.1UNKNOWN
ubuntu16.04noarchaptdaemon< 1.1.1+bzr982-0ubuntu14.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu19.5	UNKNOWN
ubuntu	20.04	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu32.3	UNKNOWN
ubuntu	20.10	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu34.1	UNKNOWN
ubuntu	16.04	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu14.5	UNKNOWN