Permission Issues

CVE-2014-1422

Medium

5/10

Summary

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-275 - Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

References

Advisory Timeline

Published Jul 22, 2020

Permission Issues

CVE-2014-1422

Summary

CWE-275 - Permission Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS