Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-1662

Опубликовано: 10 мая 2022
Источник: redhat
CVSS3: 5.9

Описание

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.

A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running.

Отчет

This flaw does not affect convert2rhel as shipped for Red Hat Enterprise Linux 6, 7, or 8 because the vulnerable code is not built and shipped.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Convert2RHEL 6convert2rhelNot affected
Convert2RHEL 7convert2rhelNot affected
Convert2RHEL 8convert2rhelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2083851convert2rhel: ansible playbook passes credentials to convert2rhel via CLI

5.9 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-1662

CVSS3: 5.5
nvd
больше 3 лет назад

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.

github логотип

GHSA-77gc-239h-cc4p

CVSS3: 5.5
github
больше 3 лет назад

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.

5.9 Medium

CVSS3