{"id":"CVE-2018-1106","details":"An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.","modified":"2026-04-11T12:07:04.098182Z","published":"2018-04-23T20:29:14.347Z","related":["SUSE-SU-2018:1047-1","openSUSE-SU-2024:10605-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"17.10"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.6"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.5"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.6"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.6"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2018/04/23/3"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1224"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3634-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4207"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565992"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/PackageKit/PackageKit","events":[{"introduced":"0"},{"fixed":"9bdb409daf79ac71ed191faaf2635a6daa848ace"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.1.10"}],"cpe":"cpe:2.3:a:packagekit_project:packagekit:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["PACKAGEKIT_0_1_0","PACKAGEKIT_0_1_1","PACKAGEKIT_0_1_2","PACKAGEKIT_0_1_4","PACKAGEKIT_0_1_6","PACKAGEKIT_0_1_9","PACKAGEKIT_0_3_11","PACKAGEKIT_0_3_2","PACKAGEKIT_0_3_3","PACKAGEKIT_0_3_5","PACKAGEKIT_0_4_0","PACKAGEKIT_0_4_2","PACKAGEKIT_0_4_3","PACKAGEKIT_0_4_6","PACKAGEKIT_0_4_7","PACKAGEKIT_0_5_3","PACKAGEKIT_0_5_5","PACKAGEKIT_0_6_1","PACKAGEKIT_0_6_11","PACKAGEKIT_0_6_13","PACKAGEKIT_0_6_15","PACKAGEKIT_0_6_16","PACKAGEKIT_0_6_3","PACKAGEKIT_0_6_4","PACKAGEKIT_0_6_5","PACKAGEKIT_0_6_6","PACKAGEKIT_0_6_7","PACKAGEKIT_0_6_8","PACKAGEKIT_0_7_0","PACKAGEKIT_0_7_2","PACKAGEKIT_0_7_3","PACKAGEKIT_0_7_4","PACKAGEKIT_0_8_1","PACKAGEKIT_0_8_10","PACKAGEKIT_0_8_11","PACKAGEKIT_0_8_12","PACKAGEKIT_0_8_13","PACKAGEKIT_0_8_14","PACKAGEKIT_0_8_2","PACKAGEKIT_0_8_3","PACKAGEKIT_0_8_4","PACKAGEKIT_0_8_5","PACKAGEKIT_0_8_6","PACKAGEKIT_0_8_7","PACKAGEKIT_0_8_8","PACKAGEKIT_0_8_9","PACKAGEKIT_0_9_1","PACKAGEKIT_0_9_2","PACKAGEKIT_0_9_3","PACKAGEKIT_0_9_4","PACKAGEKIT_0_9_5","PACKAGEKIT_1_0_0","PACKAGEKIT_1_0_1","PACKAGEKIT_1_0_10","PACKAGEKIT_1_0_11","PACKAGEKIT_1_0_2","PACKAGEKIT_1_0_3","PACKAGEKIT_1_0_4","PACKAGEKIT_1_0_5","PACKAGEKIT_1_0_6","PACKAGEKIT_1_0_7","PACKAGEKIT_1_0_8","PACKAGEKIT_1_0_9","PACKAGEKIT_1_1_0","PACKAGEKIT_1_1_1","PACKAGEKIT_1_1_2","PACKAGEKIT_1_1_3","PACKAGEKIT_1_1_5","PACKAGEKIT_1_1_6","PACKAGEKIT_1_1_7","PACKAGEKIT_1_1_8","PACKAGEKIT_1_1_9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1106.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}