CVE-2013-1764Project Packagekit vulnerability

CWE-2646 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 80.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Packagekit Project Packagekit
Timeline
PublishedApr 16
Latest updateMay 17

Description

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: bugs.freedesktop.orgPatch: bugs.freedesktop.org

🔴Vulnerability Details

2
GHSA
GHSA-9g9q-8hww-wvfx: The Zypper (aka zypp) backend in PackageKit before 02022-05-17
CVEList
CVE-2013-1764: The Zypper (aka zypp) backend in PackageKit before 02014-04-16

📋Vendor Advisories

2
Red Hat
PackageKit: downgrade packages when using the Zypper backend2013-07-30
Debian
CVE-2013-1764: packagekit - The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to d...2013

💬Community

1
Bugzilla
CVE-2013-1764 PackageKit: downgrade packages when using the Zypper backend2014-04-24
CVE-2013-1764 — Project Packagekit vulnerability | cvebase