Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for packagekit by packagekit_project
CVE-2026-41651 (GCVE-0-2026-41651)
Vulnerability from nvd – Published: 2026-04-22 13:11 – Updated: 2026-04-22 18:36
VLAI?
Title
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
Summary
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.
A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:
1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.
2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.
3. Late flag read at execution time (lines 2273–2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.
Severity ?
8.8 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | PackageKit |
Affected:
>= 1.0.2, <= 1.3.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-22T17:21:17.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/22/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41651",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T18:35:57.253778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T18:36:23.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "PackageKit",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.2, \u003c= 1.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.\n\nA local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction-\u003ecached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:\n1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction-\u003ecached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.\n2. Silent state-transition rejection (lines 873\u2013882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` \u2192 `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.\n3. Late flag read at execution time (lines 2273\u20132277): The scheduler\u0027s idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker\u0027s flags."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:11:40.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv"
},
{
"name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277"
},
{
"name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036"
},
{
"name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882"
},
{
"name": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html"
}
],
"source": {
"advisory": "GHSA-f55j-vvr9-69xv",
"discovery": "UNKNOWN"
},
"title": "PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41651",
"datePublished": "2026-04-22T13:11:40.174Z",
"dateReserved": "2026-04-21T23:58:43.802Z",
"dateUpdated": "2026-04-22T18:36:23.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0217 (GCVE-0-2024-0217)
Vulnerability from nvd – Published: 2024-01-03 17:04 – Updated: 2025-11-21 06:24
VLAI?
Title
Packagekitd: use-after-free in idle function callback
Summary
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
1.2.0 , < 1.2.7
(semver)
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Date Public ?
2024-01-03 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0217"
},
{
"name": "RHBZ#2256624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T18:34:30.608642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:38:51.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/PackageKit/PackageKit",
"defaultStatus": "unaffected",
"packageName": "PackageKit",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-PackageKit08",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Thibault Guittet (Red Hat)."
}
],
"datePublic": "2024-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:24:15.764Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0217"
},
{
"name": "RHBZ#2256624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624"
},
{
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Packagekitd: use-after-free in idle function callback",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0217",
"datePublished": "2024-01-03T17:04:37.841Z",
"dateReserved": "2024-01-03T13:40:33.684Z",
"dateUpdated": "2025-11-21T06:24:15.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0987 (GCVE-0-2022-0987)
Vulnerability from nvd – Published: 2022-06-28 16:09 – Updated: 2024-08-02 23:47
VLAI?
Summary
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PackageKit |
Affected:
All PackageKit versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All PackageKit versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T16:09:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064315"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0987",
"datePublished": "2022-06-28T16:09:26.000Z",
"dateReserved": "2022-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16122 (GCVE-0-2020-16122)
Vulnerability from nvd – Published: 2020-11-07 04:10 – Updated: 2024-09-16 16:13
VLAI?
Title
Packagekit's apt backend lets user install untrusted local packages
Summary
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Severity ?
8.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | packagekit |
Affected:
1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1
(custom)
Affected: 1.1.9-1ubuntu , < 1.1.9-1ubuntu2.18.04.6 (custom) Affected: 0.8.17-4ubuntu , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom) |
Date Public ?
2020-06-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "packagekit",
"vendor": "PackageKit",
"versions": [
{
"lessThan": "1.1.13-2ubuntu1.1",
"status": "affected",
"version": "1.1.13-2ubuntu",
"versionType": "custom"
},
{
"lessThan": "1.1.9-1ubuntu2.18.04.6",
"status": "affected",
"version": "1.1.9-1ubuntu",
"versionType": "custom"
},
{
"lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
"status": "affected",
"version": "0.8.17-4ubuntu",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T04:10:19.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
],
"discovery": "EXTERNAL"
},
"title": "Packagekit\u0027s apt backend lets user install untrusted local packages",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-06-12T00:00:00.000Z",
"ID": "CVE-2020-16122",
"STATE": "PUBLIC",
"TITLE": "Packagekit\u0027s apt backend lets user install untrusted local packages"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "packagekit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.13-2ubuntu",
"version_value": "1.1.13-2ubuntu1.1"
},
{
"version_affected": "\u003c",
"version_name": "1.1.9-1ubuntu",
"version_value": "1.1.9-1ubuntu2.18.04.6"
},
{
"version_affected": "\u003c",
"version_name": "0.8.17-4ubuntu",
"version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
}
]
}
}
]
},
"vendor_name": "PackageKit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16122",
"datePublished": "2020-11-07T04:10:19.889Z",
"dateReserved": "2020-07-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:16.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16121 (GCVE-0-2020-16121)
Vulnerability from nvd – Published: 2020-11-07 04:10 – Updated: 2024-09-17 04:04
VLAI?
Title
PackageKit error messages leak presence and mimetype of files to unprivileged users
Summary
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Severity ?
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | PackageKit |
Affected:
1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1
(custom)
Affected: 1.1.9-1ubuntu2 , < 1.1.9-1ubuntu2.18.04.6 (custom) Affected: 0.8.17-4ubuntu6 , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom) |
Date Public ?
2020-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "PackageKit",
"versions": [
{
"lessThan": "1.1.13-2ubuntu1.1",
"status": "affected",
"version": "1.1.13-2ubuntu",
"versionType": "custom"
},
{
"lessThan": "1.1.9-1ubuntu2.18.04.6",
"status": "affected",
"version": "1.1.9-1ubuntu2",
"versionType": "custom"
},
{
"lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
"status": "affected",
"version": "0.8.17-4ubuntu6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaisha Bernard"
}
],
"datePublic": "2020-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T04:10:19.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
],
"discovery": "EXTERNAL"
},
"title": "PackageKit error messages leak presence and mimetype of files to unprivileged users",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-09-24T00:00:00.000Z",
"ID": "CVE-2020-16121",
"STATE": "PUBLIC",
"TITLE": "PackageKit error messages leak presence and mimetype of files to unprivileged users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PackageKit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.13-2ubuntu",
"version_value": "1.1.13-2ubuntu1.1"
},
{
"version_affected": "\u003c",
"version_name": "1.1.9-1ubuntu2",
"version_value": "1.1.9-1ubuntu2.18.04.6"
},
{
"version_affected": "\u003c",
"version_name": "0.8.17-4ubuntu6",
"version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
}
]
}
}
]
},
"vendor_name": "PackageKit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaisha Bernard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html",
"refsource": "MISC",
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16121",
"datePublished": "2020-11-07T04:10:19.447Z",
"dateReserved": "2020-07-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:04:03.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2515 (GCVE-0-2011-2515)
Vulnerability from nvd – Published: 2019-11-27 20:18 – Updated: 2024-08-06 23:00
VLAI?
Summary
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Severity ?
No CVSS data available.
CWE
- installs unsigned RPM packages as though they were signed
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| packagekit | packagekit |
Affected:
0.6.15
Affected: 0.6.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"name": "48557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/48557/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "packagekit",
"vendor": "packagekit",
"versions": [
{
"status": "affected",
"version": "0.6.15"
},
{
"status": "affected",
"version": "0.6.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "installs unsigned RPM packages as though they were signed",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T20:18:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"name": "48557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/48557/info"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2515",
"datePublished": "2019-11-27T20:18:50.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1106 (GCVE-0-2018-1106)
Vulnerability from nvd – Published: 2018-04-23 20:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | PackageKit |
Affected:
before 1.1.10
|
Date Public ?
2018-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "before 1.1.10"
}
]
}
],
"datePublic": "2018-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-04-23T00:00:00",
"ID": "CVE-2018-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PackageKit",
"version": {
"version_data": [
{
"version_value": "before 1.1.10"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3634-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1106",
"datePublished": "2018-04-23T20:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:44.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1764 (GCVE-0-2013-1764)
Vulnerability from nvd – Published: 2014-04-16 18:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2013-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130225 Re: CVE Request: PackageKit\"update\" allows downgrade of packages when using the \"zypp\" backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitorious.org/packagekit/packagekit/source/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=61231"
},
{
"name": "openSUSE-SU-2013:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the \"install updates\" method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-16T17:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130225 Re: CVE Request: PackageKit\"update\" allows downgrade of packages when using the \"zypp\" backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitorious.org/packagekit/packagekit/source/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=61231"
},
{
"name": "openSUSE-SU-2013:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1764",
"datePublished": "2014-04-16T18:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:13:32.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-41651 (GCVE-0-2026-41651)
Vulnerability from cvelistv5 – Published: 2026-04-22 13:11 – Updated: 2026-04-22 18:36
VLAI?
Title
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
Summary
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.
A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:
1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.
2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.
3. Late flag read at execution time (lines 2273–2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.
Severity ?
8.8 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | PackageKit |
Affected:
>= 1.0.2, <= 1.3.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-22T17:21:17.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/22/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41651",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T18:35:57.253778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T18:36:23.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "PackageKit",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.2, \u003c= 1.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.\n\nA local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction-\u003ecached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:\n1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction-\u003ecached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.\n2. Silent state-transition rejection (lines 873\u2013882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` \u2192 `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.\n3. Late flag read at execution time (lines 2273\u20132277): The scheduler\u0027s idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker\u0027s flags."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:11:40.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv"
},
{
"name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277"
},
{
"name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036"
},
{
"name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882"
},
{
"name": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html"
}
],
"source": {
"advisory": "GHSA-f55j-vvr9-69xv",
"discovery": "UNKNOWN"
},
"title": "PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41651",
"datePublished": "2026-04-22T13:11:40.174Z",
"dateReserved": "2026-04-21T23:58:43.802Z",
"dateUpdated": "2026-04-22T18:36:23.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0217 (GCVE-0-2024-0217)
Vulnerability from cvelistv5 – Published: 2024-01-03 17:04 – Updated: 2025-11-21 06:24
VLAI?
Title
Packagekitd: use-after-free in idle function callback
Summary
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
1.2.0 , < 1.2.7
(semver)
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Date Public ?
2024-01-03 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0217"
},
{
"name": "RHBZ#2256624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T18:34:30.608642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:38:51.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/PackageKit/PackageKit",
"defaultStatus": "unaffected",
"packageName": "PackageKit",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-PackageKit08",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Thibault Guittet (Red Hat)."
}
],
"datePublic": "2024-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:24:15.764Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0217"
},
{
"name": "RHBZ#2256624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624"
},
{
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Packagekitd: use-after-free in idle function callback",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0217",
"datePublished": "2024-01-03T17:04:37.841Z",
"dateReserved": "2024-01-03T13:40:33.684Z",
"dateUpdated": "2025-11-21T06:24:15.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0987 (GCVE-0-2022-0987)
Vulnerability from cvelistv5 – Published: 2022-06-28 16:09 – Updated: 2024-08-02 23:47
VLAI?
Summary
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PackageKit |
Affected:
All PackageKit versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All PackageKit versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T16:09:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064315"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0987",
"datePublished": "2022-06-28T16:09:26.000Z",
"dateReserved": "2022-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16122 (GCVE-0-2020-16122)
Vulnerability from cvelistv5 – Published: 2020-11-07 04:10 – Updated: 2024-09-16 16:13
VLAI?
Title
Packagekit's apt backend lets user install untrusted local packages
Summary
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Severity ?
8.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | packagekit |
Affected:
1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1
(custom)
Affected: 1.1.9-1ubuntu , < 1.1.9-1ubuntu2.18.04.6 (custom) Affected: 0.8.17-4ubuntu , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom) |
Date Public ?
2020-06-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "packagekit",
"vendor": "PackageKit",
"versions": [
{
"lessThan": "1.1.13-2ubuntu1.1",
"status": "affected",
"version": "1.1.13-2ubuntu",
"versionType": "custom"
},
{
"lessThan": "1.1.9-1ubuntu2.18.04.6",
"status": "affected",
"version": "1.1.9-1ubuntu",
"versionType": "custom"
},
{
"lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
"status": "affected",
"version": "0.8.17-4ubuntu",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T04:10:19.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
],
"discovery": "EXTERNAL"
},
"title": "Packagekit\u0027s apt backend lets user install untrusted local packages",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-06-12T00:00:00.000Z",
"ID": "CVE-2020-16122",
"STATE": "PUBLIC",
"TITLE": "Packagekit\u0027s apt backend lets user install untrusted local packages"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "packagekit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.13-2ubuntu",
"version_value": "1.1.13-2ubuntu1.1"
},
{
"version_affected": "\u003c",
"version_name": "1.1.9-1ubuntu",
"version_value": "1.1.9-1ubuntu2.18.04.6"
},
{
"version_affected": "\u003c",
"version_name": "0.8.17-4ubuntu",
"version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
}
]
}
}
]
},
"vendor_name": "PackageKit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16122",
"datePublished": "2020-11-07T04:10:19.889Z",
"dateReserved": "2020-07-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:16.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16121 (GCVE-0-2020-16121)
Vulnerability from cvelistv5 – Published: 2020-11-07 04:10 – Updated: 2024-09-17 04:04
VLAI?
Title
PackageKit error messages leak presence and mimetype of files to unprivileged users
Summary
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Severity ?
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | PackageKit |
Affected:
1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1
(custom)
Affected: 1.1.9-1ubuntu2 , < 1.1.9-1ubuntu2.18.04.6 (custom) Affected: 0.8.17-4ubuntu6 , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom) |
Date Public ?
2020-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "PackageKit",
"versions": [
{
"lessThan": "1.1.13-2ubuntu1.1",
"status": "affected",
"version": "1.1.13-2ubuntu",
"versionType": "custom"
},
{
"lessThan": "1.1.9-1ubuntu2.18.04.6",
"status": "affected",
"version": "1.1.9-1ubuntu2",
"versionType": "custom"
},
{
"lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
"status": "affected",
"version": "0.8.17-4ubuntu6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaisha Bernard"
}
],
"datePublic": "2020-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T04:10:19.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
],
"discovery": "EXTERNAL"
},
"title": "PackageKit error messages leak presence and mimetype of files to unprivileged users",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-09-24T00:00:00.000Z",
"ID": "CVE-2020-16121",
"STATE": "PUBLIC",
"TITLE": "PackageKit error messages leak presence and mimetype of files to unprivileged users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PackageKit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.13-2ubuntu",
"version_value": "1.1.13-2ubuntu1.1"
},
{
"version_affected": "\u003c",
"version_name": "1.1.9-1ubuntu2",
"version_value": "1.1.9-1ubuntu2.18.04.6"
},
{
"version_affected": "\u003c",
"version_name": "0.8.17-4ubuntu6",
"version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
}
]
}
}
]
},
"vendor_name": "PackageKit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaisha Bernard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html",
"refsource": "MISC",
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16121",
"datePublished": "2020-11-07T04:10:19.447Z",
"dateReserved": "2020-07-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:04:03.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2515 (GCVE-0-2011-2515)
Vulnerability from cvelistv5 – Published: 2019-11-27 20:18 – Updated: 2024-08-06 23:00
VLAI?
Summary
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Severity ?
No CVSS data available.
CWE
- installs unsigned RPM packages as though they were signed
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| packagekit | packagekit |
Affected:
0.6.15
Affected: 0.6.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"name": "48557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/48557/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "packagekit",
"vendor": "packagekit",
"versions": [
{
"status": "affected",
"version": "0.6.15"
},
{
"status": "affected",
"version": "0.6.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "installs unsigned RPM packages as though they were signed",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T20:18:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"name": "48557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/48557/info"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2515",
"datePublished": "2019-11-27T20:18:50.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1106 (GCVE-0-2018-1106)
Vulnerability from cvelistv5 – Published: 2018-04-23 20:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | PackageKit |
Affected:
before 1.1.10
|
Date Public ?
2018-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "before 1.1.10"
}
]
}
],
"datePublic": "2018-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-04-23T00:00:00",
"ID": "CVE-2018-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PackageKit",
"version": {
"version_data": [
{
"version_value": "before 1.1.10"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3634-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1106",
"datePublished": "2018-04-23T20:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:44.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1764 (GCVE-0-2013-1764)
Vulnerability from cvelistv5 – Published: 2014-04-16 18:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2013-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130225 Re: CVE Request: PackageKit\"update\" allows downgrade of packages when using the \"zypp\" backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitorious.org/packagekit/packagekit/source/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=61231"
},
{
"name": "openSUSE-SU-2013:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the \"install updates\" method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-16T17:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130225 Re: CVE Request: PackageKit\"update\" allows downgrade of packages when using the \"zypp\" backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitorious.org/packagekit/packagekit/source/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=61231"
},
{
"name": "openSUSE-SU-2013:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1764",
"datePublished": "2014-04-16T18:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:13:32.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}