Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2022-0987 - log back

CVE-2022-0987 edited at 09 May 2022 22:44:03

References

+	https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

CVE-2022-0987 created at 09 May 2022 22:42:30

Severity

+

Low

Remote

+

Local

Type

+	Information disclosure

Description

+

A vulnerability was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files without dropping privileges. The InstallFiles method, for example, will fail silently with a non-existing file, however if the file exists it will read the contents of the file and take longer to return than a non-existing file will. This vulnerability allows a local user to know whether a file owned by root or other users exists.

References

Notes