CVE-2020-16121 LOW

CVE-2020-16121: PackageKit error messages leak presence and mimetype of files to unprivileged users

Vendor Packagekit
Product PackageKit
Weakness CWE-209 · Error message info leak
Published November 7, 2020
Last update September 17, 2024

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

Key dates

02Disclosure timeline

November 7, 2020 CVE published
September 17, 2024 Record updated