CVE-2022-1662

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-1662

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1662.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1662

Published

2022-07-14T15:15:07.983Z

Modified

2026-03-13T05:16:59.880314Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2083851

Affected packages

Git / github.com/oamg/convert2rhel

Affected ranges

Type

GIT

Repo

https://github.com/oamg/convert2rhel

Events

Introduced

Last affected

55bb616a5176fe0d49bc81a22d0bc0ea4c08012d

Introduced

Last affected

120ad4f6356f50e861acc15f826132c4c9d0e7e3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.25"
        }
    ]
}

Affected versions

v0.*

v0.10

v0.11

v0.12

v0.13

v0.14

v0.15

v0.16

v0.17

v0.18

v0.19

v0.20

v0.21

v0.22

v0.23

v0.24

v0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1662.json"