CVE-2020-16122
Summary
| CVE | CVE-2020-16122 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-07 04:15:00 UTC |
| Updated | 2022-10-21 18:12:00 UTC |
| Description | PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. |
Risk And Classification
Problem Types: CWE-345
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Application | Freedesktop | Packagekit | - | All | All | All |
| Application | Packagekit Project | Packagekit | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug #1882098 “Packagekit lets user install untrusted local packa...” : Bugs : packagekit package : Ubuntu | CONFIRM | bugs.launchpad.net | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sami Niemimäki and Esko Järnfors
There are currently no legacy QID mappings associated with this CVE.