PT-2023-4483 · Red Hat · Subscription-Manager

Author: Tej Rathi (+1)
Published: 2023-08-22 · Updated: 2024-09-16
CVE-2023-3899
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: subscription-manager (affected versions not specified)
Description: A flaw in the authorization procedure of the D-Bus interface com.redhat.RHSM1 allows local privilege escalation. The interface exposes several methods to all local users that can change the registration state. By calling the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user can tamper with the registration state, potentially unregistering the system or changing current entitlements. The same method can be used to set arbitrary configuration directives in /etc/rhsm/rhsm.conf, leading to local privilege escalation to unconfined root.
Recommendations: Red Hat's errata RHSA-2023:4701 through RHSA-2023:4708, and the AlmaLinux, Rocky Linux and CentOS rebuilds ALSA/RLSA/CESA-2023:4706 and 4708 listed under Related Identifiers, ship fixed subscription-manager packages; install the vendor update for your release stream. Fixed package versions are not recorded on this page, so verify the installed package against the erratum (the RPM changelog names the CVE) rather than by comparing version strings.
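Whether a given host already carries the fix is the question the recommendation leaves to the reader. The following audit script is an added example, not part of the advisory or of subscription-manager itself; it assumes an RPM-based host where `rpm` (and optionally `busctl`) is available, and the changelog and introspection samples embedded in it are constructed for offline runs, not real package output.

```shell
#!/bin/sh
# Added example, not code from the advisory or from subscription-manager:
# a host audit for CVE-2023-3899. Red Hat and its rebuilds backport fixes
# without bumping the upstream version, so the RPM changelog, which names
# fixed CVEs, is a more reliable indicator than comparing version strings.

CVE="CVE-2023-3899"

# changelog_has_fix: read `rpm -q --changelog subscription-manager` output on
# stdin; succeed if it references the CVE. Kept as a filter so it can be
# exercised offline on a constructed sample.
changelog_has_fix() {
    grep -Fq -- "$CVE"
}

# introspection_exposes_setall: read `busctl --system introspect
# com.redhat.RHSM1 /com/redhat/RHSM1/Config` output on stdin; succeed if the
# Config interface advertises SetAll, the method the flaw abuses. The fix
# tightened the authorization check rather than removing the method, so this
# only confirms the interface is live, not that the host is vulnerable.
introspection_exposes_setall() {
    grep -Eq '^\.SetAll[[:space:]]+method'
}

# audit_host: run the live checks. Exit 0 = fixed or not installed,
# 1 = installed without the fix, 2 = not an RPM host.
audit_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found; not an RPM host"; return 2; }
    rpm -q subscription-manager >/dev/null 2>&1 || { echo "subscription-manager not installed"; return 0; }
    pkg=$(rpm -q subscription-manager)
    if rpm -q --changelog subscription-manager | changelog_has_fix; then
        echo "$pkg: changelog references $CVE, fix present"
    else
        echo "$pkg: no $CVE reference in changelog, apply the vendor erratum"
        return 1
    fi
    if command -v busctl >/dev/null 2>&1 &&
       busctl --system introspect com.redhat.RHSM1 /com/redhat/RHSM1/Config 2>/dev/null |
       introspection_exposes_setall; then
        echo "com.redhat.RHSM1.Config.SetAll is exposed on the system bus (expected; fixed builds keep the method)"
    fi
}

# Constructed samples (not real changelog or introspection output) for offline use.
CHANGELOG_FIXED='- Check caller authorization in D-Bus Config.SetAll (CVE-2023-3899)'
CHANGELOG_OLD='- Update translations'
INTROSPECT_SAMPLE='.GetAll                        method    -         -            -
.SetAll                        method    -         -            -'

# Only touch the live system when asked; the filters above run offline.
if [ "${1:-}" = "--live" ]; then
    audit_host
fi
```

Run it with `--live` on the host to be audited. Where repository metadata is reachable, `dnf updateinfo list --cve CVE-2023-3899` (or `yum updateinfo list --cve CVE-2023-3899` on older streams) answers the same question from the erratum side.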

Tags: LPE

Weakness Enumeration: Incorrect Authorization; Improper Authorization

Related Identifiers

ALSA-2023:4706
ALSA-2023:4708
AZL-28099
AZL-37046
BDU:2023-04878
CESA-2023_4706
CVE-2023-3899
RHSA-2023:4701
RHSA-2023:4702
RHSA-2023:4703
RHSA-2023:4704
RHSA-2023:4705
RHSA-2023:4706
RHSA-2023:4707
RHSA-2023:4708
RHSA-2023_4701
RHSA-2023_4706
RHSA-2023_4708
RLSA-2023:4706
RLSA-2023:4708

Affected Products

Almalinux
Centos
Red Hat
Red Os
Rocky Linux
Zvirt Node
Subscription-Manager