Subscription-manager@* Security Vulnerabilities and Issues — Subscription-manager@* CVE List

Lucene search

RedhatSubscription-manager*

3 matches found

CVE•added 2023/08/23 11:15 a.m.•514 views

CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.S...

7.8CVSS7.7AI score0.00034EPSS

CVE•added 2017/04/14 6:59 p.m.•372 views

CVE-2016-4455

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

3.3CVSS3.3AI score0.00048EPSS

CVE•added 2018/07/27 8:29 p.m.•55 views

CVE-2017-2663

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalat...

8.2CVSS7.7AI score0.00125EPSS