Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aptdaemon allows unprivileged users to test for the presence of local files via the transaction Locale property
Vulnerability Description
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Aptdaemon 路径遍历漏洞
Vulnerability Description
Aptdaemon是个人开发者的一个pypi的代码库。该库函数允许在 DBus 控制的背景进程中执行包管理任务。 Aptdaemon Locale 中存在路径遍历漏洞,该漏洞允许攻击者通过Aptdaemon的Locale绕过对数据的访问限制,以获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A