CVE-2014-1422 Information
Feb 14, 2021
cve
Description
In Ubuntu’s trust-store if a user revokes location access from an application the location is still available to the application because the application will honour incorrect cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Reference
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82 https://launchpad.net/bugs/1387734
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.0
Share on: