CVE-2023-3899
- EPSS 0.03%
- Published 23.08.2023 11:15:07
- Last modified 21.11.2024 08:18:19
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the reg...
CVE-2017-2663
- EPSS 0.13%
- Published 27.07.2018 20:29:00
- Last modified 21.11.2024 03:23:55
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to p...
CVE-2016-4455
- EPSS 0.05%
- Published 14.04.2017 18:59:00
- Last modified 20.04.2025 01:37:25
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directo...