NVD Vulnerability Detail

CVE-2022-0852

Summary	There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.
Publication Date	Aug. 30, 2022, 12:15 a.m.
Registration Date	Aug. 30, 2022, 10 a.m.
Last Update	Nov. 21, 2024, 3:39 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:convert2rhel_project:convert2rhel::::::::					0.26

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/security/cve/CVE-2022-0852	Third Party Advisory
2	https://access.redhat.com/security/cve/CVE-2022-0852	Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=2060129	Exploit Issue Tracking Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=2060129	Exploit Issue Tracking Third Party Advisory
5	https://github.com/oamg/convert2rhel/commit/8d72fb030ed31116fdb256b327d299337b000af4	Exploit Patch Third Party Advisory
6	https://github.com/oamg/convert2rhel/commit/8d72fb030ed31116fdb256b327d299337b000af4	Exploit Patch Third Party Advisory
7	https://github.com/oamg/convert2rhel/pull/492	Exploit Patch Third Party Advisory
8	https://github.com/oamg/convert2rhel/pull/492	Exploit Patch Third Party Advisory
9	https://issues.redhat.com/browse/RHELC-432	Third Party Advisory
10	https://issues.redhat.com/browse/RHELC-432	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

convert2rhel project の convert2rhel 他複数ベンダの製品における認可されていない行為者への個人情報の漏えいに関する脆弱性

Title	convert2rhel project の convert2rhel 他複数ベンダの製品における認可されていない行為者への個人情報の漏えいに関する脆弱性
Summary	convert2rhel project の convert2rhel 他複数ベンダの製品には、認可されていない行為者への個人情報の漏えいに関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 29, 2022, midnight
Registration Date	Oct. 2, 2023, 5:13 p.m.
Last Update	Oct. 2, 2023, 5:13 p.m.

Affected System

convert2rhel project

convert2rhel 0.26 未満

レッドハット

Red Hat Enterprise Linux 6.0

Red Hat Enterprise Linux 7.0

Red Hat Enterprise Linux 8.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-0852	https://www.cve.org/CVERecord?id=CVE-2022-0852
National Vulnerability Database (NVD)
2	CVE-2022-0852	https://nvd.nist.gov/vuln/detail/CVE-2022-0852

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-359	https://cwe.mitre.org/data/definitions/359.html

その他

No	Name	URL
関連文書
1	access.redhat.com (CVE-2022-0852)	https://access.redhat.com/security/cve/CVE-2022-0852
2	bugzilla.redhat.com (2060129)	https://bugzilla.redhat.com/show_bug.cgi?id=2060129
3	github.com (8d72fb030ed31116fdb256b327d299337b000af4)	https://github.com/oamg/convert2rhel/commit/8d72fb030ed31116fdb256b327d299337b000af4
4	github.com (pull/492)	https://github.com/oamg/convert2rhel/pull/492
5	issues.redhat.com (RHELC-432)	https://issues.redhat.com/browse/RHELC-432

Change Log

No	Changed Details	Date of change
1	[2023年10月02日] 掲載	Oct. 2, 2023, 5:13 p.m.