3 matches found
CVE-2023-3899
CVE-2023-3899 affects subscription-manager. The vulnerability stems from the D-Bus interface com.redhat.RHSM1 exposing many methods to all users, allowing a low-privileged local user to tamper with registration state via Config.SetAll(). This enables arbitrary directives to /etc/rhsm/rhsm.conf, l...
CVE-2016-4455
CVE-2016-4455 affects the Subscription Manager (subscription-manager) before 1.17.7-1 for Candlepin. The weakness is weak permissions (755) on subscription-manager cache directories, enabling local users to read files and obtain sensitive information. The connected documents corroborate the affec...
CVE-2017-2663
CVE-2017-2663 affects subscription-manager’s DBus interface up to version 1.19.3 (before 1.19.4). An unprivileged local attacker could call com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set, gaining access to private information and potentially escalating privileges. Publicly docume...