Lucene search
K

259 matches found

RedHat Linux
RedHat Linux
added 2022/08/31 1:3 p.m.6 views

convert2rhel: Activation key passed via command line by code

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.8AI score0.00303EPSS
Exploits1References4
NVD
NVD
added 2022/08/29 3:15 p.m.37 views

CVE-2022-0852

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

5.5CVSS0.00355EPSS
Exploits1References5
NVD
NVD
added 2022/08/29 3:15 p.m.64 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS0.00303EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/29 3:15 p.m.8 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.9AI score0.00303EPSS
Exploits1References6
OSV
OSV
added 2022/08/29 3:15 p.m.6 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.8AI score0.00303EPSS
Exploits1References2
Prion
Prion
added 2022/08/29 3:15 p.m.20 views

Design/Logic Flaw

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

1.7CVSS5.4AI score0.00303EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/08/29 2:3 p.m.23 views

CVE-2022-0852

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

5.5CVSS6.8AI score0.00355EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/08/29 2:3 p.m.72 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.7AI score0.00303EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/29 12:0 a.m.6 views

PT-2022-13472 · Unknown · Convert2Rhel

Name of the Vulnerable Software and Affected Versions: convert2rhel affected versions not specified Description: The issue is related to the use of the --activationkey option with convert2rhel, which passes the activation key to subscription-manager via the command line. This could allow...

5.5CVSS5.1AI score0.00303EPSS
Exploits1References5
OSV
OSV
added 2022/08/26 4:15 p.m.48 views

UBUNTU-CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

5.5CVSS5.7AI score0.00244EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/08/26 4:15 p.m.32 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

5.5CVSS6AI score0.00244EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/26 3:25 p.m.35 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

5.7AI score0.00244EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/26 12:0 a.m.5 views

openstack-tripleo-heat-templates 安全漏洞

openstack-tripleo-heat-templates is a set of templates and tools for building Heat templates for OpenStack deployment. A security vulnerability exists in openstack-tripleo-heat-templates that stems from the presence of plain passwords from RHSM in its logs during the deployment of OSP13 using...

5.5CVSS6.8AI score0.00244EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/08/26 12:0 a.m.4 views

PT-2022-10474 · Openstack · Openstack-Tripleo-Heat-Templates

Name of the Vulnerable Software and Affected Versions: openstack-tripleo-heat-templates affected versions not specified Description: A flaw was found in openstack-tripleo-heat-templates where plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

5.5CVSS5.2AI score0.00244EPSS
Exploits1References11
Rockylinux
Rockylinux
added 2022/08/09 9:33 a.m.8 views

subscription-manager bug fix and enhancement update

An update is available for subscription-manager. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The subscription-manager packages provide programs and libraries...

1AI score
Exploits0
NVD
NVD
added 2022/07/14 3:15 p.m.26 views

CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

5.5CVSS0.0021EPSS
Exploits0References1
Prion
Prion
added 2022/07/14 3:15 p.m.13 views

Default credentials

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

1.7CVSS5.3AI score0.0021EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/14 2:55 p.m.26 views

CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

5.7AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2022/07/14 2:55 p.m.77 views

CVE-2022-1662

In CVE-2022-1662, the issue is that an Ansible playbook (ansible/run-convert2rhel.yml) for convert2rhel passes the Red Hat Subscription Manager password via the CLI, enabling unauthorized local users to view the password in the process list during execution. This affects convert2rhel when the ups...

5.5CVSS5.4AI score0.0021EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/06/15 8:15 p.m.16 views

CVE-2021-41415

Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...

6.1CVSS0.00581EPSS
Exploits1References1
Rows per page
Query Builder