CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
References
Link Resource
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098 Issue Tracking Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:packagekit_project:packagekit:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Information

Published : 2020-11-07 04:15

Updated : 2022-10-21 06:12


NVD link : CVE-2020-16122

Mitre link : CVE-2020-16122

Products Affected
No products.
CWE