CVE-2022-0852

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-0852
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0852.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0852
Downstream
Published
2022-08-29T15:15:10.027Z
Modified
2025-11-14T12:44:31.332943Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.

References

Affected packages

Git / github.com/oamg/convert2rhel

Affected ranges

Type
GIT
Repo
https://github.com/oamg/convert2rhel
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8d72fb030ed31116fdb256b327d299337b000af4

Affected versions

v0.*

v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.17
v0.18
v0.19
v0.20
v0.21
v0.22
v0.23
v0.24
v0.25
v0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0852.json"