HIGH🇬🇧 English

CVE-2017-2663

CVSS 8.2v3.0pub. 2018-07-27upd. 2024-11-21

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Red Hat Subscription Manager

    APP
    Redhat
    < 1.19.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2023-3899HIGH7.8ten sam produkt

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate aut...

CVE-2016-4455LOW3.3ten sam produkt

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permission...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam vendor

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam vendor

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...