CVE-2014-1422

EUVD-2014-1498
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
canonicalCNA
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
canonicaltrust-store_\(ubuntu\)
𝑥
< 1.1.0
canonicaltrust-store_\(ubuntu_rtm\)
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
trust-store
lucid
dne
precise
dne
trusty
dne
utopic
ignored
vivid
not-affected
Common Weakness Enumeration
References
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82
https://launchpad.net/bugs/1387734
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82
https://launchpad.net/bugs/1387734