CVE-2018-1106
published 2018-04-23CVE-2018-1106: An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local…
medium5.5CVSS 3.0
AVLACLPRLUINSUCNIHAN
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | packagekit | < packagekit 1.1.10-1 (bookworm) | packagekit 1.1.10-1 (bookworm) |
| packagekit_project | packagekit | < 1.1.10 | 1.1.10 |
| red_hat_inc | packagekit | — | — |
| red_hat_inc | packagekit | >= 0 < 1.1.10-1 | 1.1.10-1 |
| red_hat_inc | packagekit | >= 0 < 1.1.10-1 | 1.1.10-1 |
| red_hat_inc | packagekit | >= 0 < 1.1.10-1 | 1.1.10-1 |
| red_hat_inc | packagekit | >= 0 < 1.1.10-1 | 1.1.10-1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
osv5.5MEDIUM