CVE-2011-2515 — Incorrect Permission Assignment in Packagekit

CWE-732 — Incorrect Permission Assignment9 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 62.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Packagekit Debian Linux Packagekit Project Packagekit +1 more

Timeline

PublishedNov 27

Latest updateApr 22

Description

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5packagekit/packagekit0.6.15, 0.6.17+1

▶NVDpackagekit_project/packagekit0.6.17

▶NVDredhat/enterprise_linux_server6.0

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-wvrq-v7hr-q8xr: PackageKit 0↗2022-04-22

▶

OSV

CVE-2011-2515: PackageKit 0↗2019-11-27

▶

CVEList

CVE-2011-2515: PackageKit 0↗2019-11-27

▶

📋Vendor Advisories

Red Hat

PackageKit: installs unsigned RPM packages as though they were signed↗2011-07-01

▶

Debian

CVE-2011-2515: packagekit - PackageKit 0.6.17 allows installation of unsigned RPM packages as though they we...↗2011

▶

💬Community

Bugzilla

CVE-2011-2515 PackageKit: installs unsigned RPM packages as though they were signed [fedora-15]↗2011-07-01

▶

Bugzilla

CVE-2011-2515 PackageKit: installs unsigned RPM packages as though they were signed [fedora-rawhide]↗2011-07-01

▶

Bugzilla

CVE-2011-2515 PackageKit: installs unsigned RPM packages as though they were signed↗2011-06-29

▶