CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.7%

CVSS Severity

CVSS v3 Score 8.2

CVSS v2 Score 2.1

References

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098

Products affected by CVE-2020-16122

Packagekit Project » Packagekit » Version: N/A

cpe:2.3:a:packagekit_project:packagekit:-
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Canonical » Ubuntu Linux » Version: 20.04

cpe:2.3:o:canonical:ubuntu_linux:20.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-16122

Products

Pricing

Contact Us