What is the severity of CVE-2014-1422?

CVE-2014-1422 is categorized as a medium severity vulnerability due to its impact on user privacy and location access.

How does CVE-2014-1422 affect application permissions?

CVE-2014-1422 allows applications to access cached location data even after permission is revoked by the user.

Which software is affected by CVE-2014-1422?

CVE-2014-1422 affects Canonical Trust-store in Ubuntu versions up to 1.1.0.

How do I fix CVE-2014-1422?

To fix CVE-2014-1422, upgrade the Canonical Trust-store to a version higher than 1.1.0.

What is the nature of the vulnerability in CVE-2014-1422?

CVE-2014-1422 stems from how the trust-store caches permissions, which does not prioritize revocation correctly.

Vulnerability/
CVE-2014-1422

medium

CWE

732 275 89

30/10/2014

6/8/2024

CVE-2014-1422: Location service uses cached authorization even after revocation

First published: Thu Oct 30 2014(Updated: )

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.

Credit: security@ubuntu.com

Affected Software	Affected Version	How to fix
Canonical Trust-store (ubuntu)	<1.1.0
Canonical Trust-store (ubuntu Rtm)	<1.1.0

Remedy

https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82

Remedy

https://launchpad.net/bugs/1387734

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-1422?
CVE-2014-1422 is categorized as a medium severity vulnerability due to its impact on user privacy and location access.
How does CVE-2014-1422 affect application permissions?
CVE-2014-1422 allows applications to access cached location data even after permission is revoked by the user.
Which software is affected by CVE-2014-1422?
CVE-2014-1422 affects Canonical Trust-store in Ubuntu versions up to 1.1.0.
How do I fix CVE-2014-1422?
To fix CVE-2014-1422, upgrade the Canonical Trust-store to a version higher than 1.1.0.
What is the nature of the vulnerability in CVE-2014-1422?
CVE-2014-1422 stems from how the trust-store caches permissions, which does not prioritize revocation correctly.

agent/references
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/author
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/canonical
canonical/canonical trust-store (ubuntu)
canonical/canonical trust-store (ubuntu rtm)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.