CVE-2018-1106

Summary

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.PackageKitbefore 1.1.10affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References