CVE-2020-15703

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15703
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15703.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15703
Aliases
Downstream
Published
2020-10-31T04:15:10.897Z
Modified
2026-03-14T10:18:26.990922Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.1.1-bzr982\\-0ubuntu14\\.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.1.1-bzr982\\-0ubuntu19\\.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.1.1-bzr982\\-0ubuntu32\\.2"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15703.json"