Home > Vulnerability Database > CVE-2022-0851

Mend.io Vulnerability Database

CVE-2022-0851

Date: August 29, 2022

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.

Severity Score

4.0

Related Resources (7)

Url: https://access.redhat.com/errata/RHSA-2022:6269

Url: https://access.redhat.com/errata/RHSA-2022:6268

Url: https://access.redhat.com/security/cve/CVE-2022-0851

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2060217

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-0851

Url: https://access.redhat.com/errata/RHSA-2022:6266

Url: https://www.mend.io/vulnerability-database/CVE-2022-0851

Severity Score

4.0

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

CVSS v3

Base Score:	4.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-0851

Date: August 29, 2022

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3

Do you need more information?