CVE-2020-16128

The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.

Published: Dec 9, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-16128
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	20.10	20.10.x

https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513
https://usn.ubuntu.com/usn/usn-4664-1

Vulnerability Database

289,697

CVE-2020-16128