CVE-2022-0852

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.

Related Vulnerabilities

CVE-2023-25632

MEDIUM
CVSS:5.5(Medium)

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.

CWE-3592023

CVE-2024-29986

MEDIUM
CVSS:5.4(Medium)

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

CWE-3592024

CVE-2024-30056

MEDIUM
CVSS:5.4(Medium)

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CWE-3592024

CVE-2017-16769

MEDIUM
CVSS:5.3(Medium)

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mod...

CWE-3592017

CVE-2019-15623

MEDIUM
CVSS:5.3(Medium)

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

CWE-3592019

CVE-2021-21823

MEDIUM
CVSS:5.3(Medium)

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosur...

CWE-3592021