CVE-2020-16122
HIGH
PackageKit - Improper Privilege Management via APT Backend
Title source: llm
Description
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
References (1)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
Scores
CVSS v3
8.2
EPSS
0.0008
EPSS Percentile
23.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-269
CWE-345
Status
published
Products (4)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
packagekit_project/packagekit
Published
Nov 07, 2020
Tracked Since
Feb 18, 2026