cbcvebase.
CVE-2018-1116
published 2018-07-10

CVE-2018-1116: A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows…

PriorityP419medium4.4CVSS 3.1
AVLACLPRLUINSUCLINAL
EPSS
1.20%
64.2th percentile
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Affected

4 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
debiandebian_linux
debianpolicykit-1< policykit-1 0.105-21 (bookworm)policykit-1 0.105-21 (bookworm)
polkit_projectpolkit< 0.1150.115

CVSS provenance

nvdv3.14.4MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
nvdv3.04.7MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:P/I:N/A:P
osv4.4MEDIUM
vendor_ubuntu4.6MEDIUM
vendor_debian4.4MEDIUM
vendor_redhat4.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.