CVE-2020-16121
packagekit - security update
3.3
LOW
CVSS 3.1
EPSS 0.10%
Description
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
How to fix CVE-2020-16121
To remediate CVE-2020-16121, upgrade the affected package to a fixed version below.
- Debian/packagekit—upgrade to 1.2.1-1 or later
- —upgrade to 1.1.5-2+deb9u2 or later
Is CVE-2020-16121 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.2.1-1
- from 0, < 1.1.5-2+deb9u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |