Description
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged users access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.
References
- Third Party Advisory, VDB Entry
- Issue Tracking, Patch, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.19.4 (exclusive)
cpe:2.3:a:redhat:subscription-manager:*:*:*:*:*:*:*:*
EPSS: 0.00125 (Low), percentile: 32%
CVSS3: 8.2 High
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-270
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 7.8
github
more than 3 years ago
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged users access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.