CVE-2022-1662
A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running...
Convert2RHEL Information Disclosure Vulnerability
Convert2RHEL is a tool that automatically converts Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. Convert2RHEL suffers from a security vulnerability that stems from an Ansible playbook passing credentials to convert2rhel via a command line interface...
The vulnerability of the Convert2RHEL tool, related to insufficient protection of service data, allows a hacker to crack the user’s password.
The vulnerability of the Convert2RHEL tool is related to insufficient protection for operational data. Exploiting this vulnerability could allow an attacker to obtain user passwords using the command line...
Important: Red Hat Security Advisory: convert2rhel security update
A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...
convert2rhel: Red Hat account password passed via command line by code
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
Important: Red Hat Security Advisory: convert2rhel security update
A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...
convert2rhel: Red Hat account password passed via command line by code
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
Important: Red Hat Security Advisory: convert2rhel security update
A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...
convert2rhel: Red Hat account password passed via command line by code
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-0852
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
Convert2RHEL Information Disclosure Vulnerability
Convert2RHEL is a tool that automatically converts Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. Convert2RHEL suffers from a security vulnerability that stems from the application of the --activationkey option when used with convert2rhel, where the activation key is subsequent...
Red Hat Convert2RHEL Security Vulnerability
Convert2RHEL is a tool that automatically converts Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. A security vulnerability exists in Red Hat Convert2RHEL that originates from passing a Red Hat account password to a subscription manager over the command line. A local, unauthoriz...
PT-2022-2389 · Red Hat · Convert2Rhel
Name of the Vulnerable Software and Affected Versions: convert2rhel (affected versions not specified). Description: The issue is related to a flaw in convert2rhel, where it passes the Red Hat account password to subscription-manager via the command line. This could allow unauthorized users locally o...
Moderate: Red Hat Security Advisory: Satellite 6.10 Release
An update is now available for Red Hat Satellite 6.10 for RHEL 7. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: python-ecdsa...