Lucene search

K

Veracode Vulnerability DatabaseVERACODE:35795

HistoryJun 02, 2022 - 12:42 a.m.

Information Disclosure

2022-06-0200:42:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

convert2rhel

vulnerability

information disclosure

command line

subscription manager

unauthorized users

htop

ps

software

EPSS

0.001

Percentile

17.9%

convert2rhel is vulnerable to information disclosure. The vulnerability exists when the library passes the red hat account password to the subscription manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via htop or ps

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/converting_from_an_rpm-based_linux_distribution_to_rhel/index

access.redhat.com/errata/RHSA-2022:1599

access.redhat.com/errata/RHSA-2022:1617

access.redhat.com/errata/RHSA-2022:1618

access.redhat.com/security/cve/CVE-2022-0852

access.redhat.com/security/updates/classification/#important

access.redhat.com/support/policy/convert2rhel-support

bugzilla.redhat.com/show_bug.cgi?id=2060129

github.com/oamg/convert2rhel/commit/8d72fb030ed31116fdb256b327d299337b000af4

github.com/oamg/convert2rhel/pull/492

issues.redhat.com/browse/RHELC-432

EPSS

0.001

Percentile

17.9%

Related for VERACODE:35795

nvd1 prion1 nessus3 osv1 cvelist1 redhatcve1 redhat3 cve1