Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-0851

Published: 29/08/2022 Updated: 12/02/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Convert2rhel

Vulnerability Summary

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an malicious user to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

convert2rhel project convert2rhel -

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

Red Hat: Moderate: convert2rhel security update
Synopsis Moderate: convert2rhel security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for convert2rhel is now available for Convert2RHEL for RHEL-6Red Hat Product Security has rated this update as havi ...
Red Hat: Moderate: convert2rhel security, bug fix, and enhancement update
Synopsis Moderate: convert2rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for convert2rhel is now available for Convert2RHEL for RHEL-7Red Hat Product Security has ...
Red Hat: Moderate: convert2rhel security, bug fix, and enhancement update
Synopsis Moderate: convert2rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for convert2rhel is now available for Convert2RHEL for RHEL-8Red Hat Product Security has ...
Red Hat:
There is a flaw in convert2rhel When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via eg htop or ps The specific impact varies upon t ...

References

CWE-200https://access.redhat.com/security/cve/CVE-2022-0851https://bugzilla.redhat.com/show_bug.cgi?id=2060217https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:6266
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook