Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-16123

Опубликовано: 04 дек. 2020
Источник: nvd
CVSS3: 4.4
CVSS3: 4.7
CVSS2: 2.1
EPSS Низкий

Описание

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00086
Низкий

4.4 Medium

CVSS3

4.7 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-362
CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2020-16123

CVSS3: 4.4
ubuntu
около 5 лет назад

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.

redhat логотип

CVE-2020-16123

CVSS3: 5.9
redhat
около 5 лет назад

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.

debian логотип

CVE-2020-16123

CVSS3: 4.4
debian
около 5 лет назад

An Ubuntu-specific patch in PulseAudio created a race condition where ...

github логотип

GHSA-h38w-g4mp-rwv7

github
больше 3 лет назад

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.

EPSS

Процентиль: 25%
0.00086
Низкий

4.4 Medium

CVSS3

4.7 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-362
CWE-362