{"id":"CVE-2018-1106","details":"An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.","modified":"2026-04-10T04:04:17.655243Z","published":"2018-04-23T20:29:14.347Z","related":["SUSE-SU-2018:1047-1","openSUSE-SU-2024:10605-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1224"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3634-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4207"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2018/04/23/3"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565992"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hughsie/packagekit","events":[{"introduced":"0"},{"fixed":"9bdb409daf79ac71ed191faaf2635a6daa848ace"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.10"}]}}],"versions":["PACKAGEKIT_0_1_0","PACKAGEKIT_0_1_1","PACKAGEKIT_0_1_2","PACKAGEKIT_0_1_4","PACKAGEKIT_0_1_6","PACKAGEKIT_0_1_9","PACKAGEKIT_0_3_11","PACKAGEKIT_0_3_2","PACKAGEKIT_0_3_3","PACKAGEKIT_0_3_5","PACKAGEKIT_0_4_0","PACKAGEKIT_0_4_2","PACKAGEKIT_0_4_3","PACKAGEKIT_0_4_6","PACKAGEKIT_0_4_7","PACKAGEKIT_0_5_3","PACKAGEKIT_0_5_5","PACKAGEKIT_0_6_1","PACKAGEKIT_0_6_11","PACKAGEKIT_0_6_13","PACKAGEKIT_0_6_15","PACKAGEKIT_0_6_16","PACKAGEKIT_0_6_3","PACKAGEKIT_0_6_4","PACKAGEKIT_0_6_5","PACKAGEKIT_0_6_6","PACKAGEKIT_0_6_7","PACKAGEKIT_0_6_8","PACKAGEKIT_0_7_0","PACKAGEKIT_0_7_2","PACKAGEKIT_0_7_3","PACKAGEKIT_0_7_4","PACKAGEKIT_0_8_1","PACKAGEKIT_0_8_10","PACKAGEKIT_0_8_11","PACKAGEKIT_0_8_12","PACKAGEKIT_0_8_13","PACKAGEKIT_0_8_14","PACKAGEKIT_0_8_2","PACKAGEKIT_0_8_3","PACKAGEKIT_0_8_4","PACKAGEKIT_0_8_5","PACKAGEKIT_0_8_6","PACKAGEKIT_0_8_7","PACKAGEKIT_0_8_8","PACKAGEKIT_0_8_9","PACKAGEKIT_0_9_1","PACKAGEKIT_0_9_2","PACKAGEKIT_0_9_3","PACKAGEKIT_0_9_4","PACKAGEKIT_0_9_5","PACKAGEKIT_1_0_0","PACKAGEKIT_1_0_1","PACKAGEKIT_1_0_10","PACKAGEKIT_1_0_11","PACKAGEKIT_1_0_2","PACKAGEKIT_1_0_3","PACKAGEKIT_1_0_4","PACKAGEKIT_1_0_5","PACKAGEKIT_1_0_6","PACKAGEKIT_1_0_7","PACKAGEKIT_1_0_8","PACKAGEKIT_1_0_9","PACKAGEKIT_1_1_0","PACKAGEKIT_1_1_1","PACKAGEKIT_1_1_2","PACKAGEKIT_1_1_3","PACKAGEKIT_1_1_5","PACKAGEKIT_1_1_6","PACKAGEKIT_1_1_7","PACKAGEKIT_1_1_8","PACKAGEKIT_1_1_9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1106.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}