Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2022-0852

Published: 29/08/2022 Updated: 12/02/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Convert2rhel

Vulnerability Summary

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

convert2rhel project convert2rhel

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

Vendor Advisories

Red Hat: Important: convert2rhel security update
Synopsis Important: convert2rhel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red ...
Red Hat: Important: convert2rhel security update
Synopsis Important: convert2rhel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Ha ...
Red Hat: Important: convert2rhel security update
Synopsis Important: convert2rhel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Ha ...
Red Hat:
There is a flaw in convert2rhel convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via eg htop or ps The specific impact varies upon the privileges of the Red Hat account in question, but it c ...

References

CWE-359https://issues.redhat.com/browse/RHELC-432https://github.com/oamg/convert2rhel/commit/8d72fb030ed31116fdb256b327d299337b000af4https://github.com/oamg/convert2rhel/pull/492https://access.redhat.com/security/cve/CVE-2022-0852https://bugzilla.redhat.com/show_bug.cgi?id=2060129https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1618
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook