CVE-2014-1422

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
canonicalCNA
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
canonicaltrust-store_\(ubuntu\)
𝑥
< 1.1.0
canonicaltrust-store_\(ubuntu_rtm\)
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
trust-store
vivid
not-affected
utopic
ignored
trusty
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82
https://launchpad.net/bugs/1387734
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82
https://launchpad.net/bugs/1387734