PT-2022-2389 · Red Hat · Convert2Rhel

Abadger

Published

2022-04-16

Updated

2023-02-12

CVE-2022-0852

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions convert2rhel (affected versions not specified)

Description The issue is related to a flaw in convert2rhel, where it passes the Red Hat account password to subscription-manager via the command line. This could allow unauthorized users locally on the machine to view the password via the process command line using tools like htop or ps. The impact varies depending on the privileges of the Red Hat account, potentially affecting the integrity, availability, and/or data confidentiality of other systems administered by that account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-359CWE-200CWE-668

Related Identifiers

BDU:2022-02759

CVE-2022-0852

RHSA-2022:1599

RHSA-2022:1617

RHSA-2022:1618

Affected Products

Convert2Rhel

PT-2022-2389 · Red Hat · Convert2Rhel

CVE-2022-0852

Weakness Enumeration

Related Identifiers

Affected Products

References · 15