Vulnerabilities > CVE-2020-27349 - Missing Authorization vulnerability in Canonical Ubuntu Linux

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

canonical

CWE-862

NVD

Published: 2020-12-09

Updated: 2020-12-11

Summary

Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.

Vulnerable Configurations

Part	Description	Count
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 20.04 Canonical Ubuntu Linux 20.10	4

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://usn.ubuntu.com/usn/usn-4664-1
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193