CVE-2023-3899

EPSS 0.03%
Veröffentlicht 23.08.2023 11:15:07
Zuletzt bearbeitet 21.11.2024 08:18:19
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Subscription-manager Version < 1.28.39

Redhat ≫ Subscription-manager Version >= 1.29.0 < 1.29.37

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Version8.0

Redhat ≫ Enterprise Linux For Arm 64 Version9.0

Redhat ≫ Enterprise Linux For Arm 64 Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.6

Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.8

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.0

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.8

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.0

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.2

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Server Tus Version8.8

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version9.0

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version9.2

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.6

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.8

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/errata/RHSA-2023:4701

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:4702

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:4703

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:4704

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:4705

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:4706

Vendor Advisory