CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
packagekit_projectpackagekit
0.6.17
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
redhatenterprise_linux_server
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bullseye
1.2.2-2
fixed
bookworm
1.2.6-5
fixed
sid
1.3.0-1
fixed
trixie
1.3.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
packagekit
vivid
not-affected
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2011-2515
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515
https://security-tracker.debian.org/tracker/CVE-2011-2515
https://www.securityfocus.com/bid/48557/info
https://access.redhat.com/security/cve/cve-2011-2515
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515
https://security-tracker.debian.org/tracker/CVE-2011-2515
https://www.securityfocus.com/bid/48557/info