Unrated severityNVD Advisory· Published Nov 7, 2020· Updated Sep 16, 2024
Packagekit's apt backend lets user install untrusted local packages
CVE-2020-16122
Description
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- PackageKit/packagekitv5Range: 1.1.13-2ubuntu
Patches
Vulnerability mechanics
References
1- bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.