Convert2rhel Project

Convert2rhel

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2022-0852

Exploit
  • EPSS 0.15%
  • Published 29.08.2022 15:15:10
  • Last modified 21.11.2024 06:39:31

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. hto...

5.5

CVE-2022-0851

Exploit
  • EPSS 0.12%
  • Published 29.08.2022 15:15:09
  • Last modified 21.11.2024 06:39:31

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view th...

5.5

CVE-2022-1662

  • EPSS 0.04%
  • Published 14.07.2022 15:15:07
  • Last modified 21.11.2024 06:41:12

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process li...