Описание
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.2 High
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
PackageKit's apt backend mistakenly treated all local debs as trusted. ...
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Уязвимость пакетного менеджера PackageKit, связанная с ошибками управления привилегиями, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
8.2 High
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2