CVE-2020-15709 — MEDIUM (5.5)

Q: How severe is CVE-2020-15709?

CVE-2020-15709 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15709?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Add-Apt-Repository.

Vulnerability Description

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Canonical	Add-Apt-Repository	>= 0.92.37.0, < 0.92.37.8ubuntu0.1\~esm1

Related Weaknesses (CWE)

CWE-20

References

https://git.launchpad.net/software-properties/commit/add-apt-repository?id=97e2fPatchThird Party Advisory
https://git.launchpad.net/software-properties/commit/add-apt-repository?id=97e2fPatchThird Party Advisory

FAQ

What is CVE-2020-15709?

CVE-2020-15709 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA ow...

How severe is CVE-2020-15709?

CVE-2020-15709 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15709?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Add-Apt-Repository.