HIGH🇬🇧 English

CVE-2023-3899

CVSS 7.8v3.1pub. 2023-08-23upd. 2024-11-21

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    3738
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.09.0
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    8.68.89.09.2
  • Red Hat Enterprise Linux For Arm 64

    OS
    Redhat
    8.09.09.2
  • Red Hat Enterprise Linux For Arm 64 Eus

    OS
    Redhat
    8.68.89.09.2
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    7.08.09.09.2
  • Red Hat Enterprise Linux For IBM Z Systems Eus

    OS
    Redhat
    8.68.89.09.2
  • Red Hat Enterprise Linux For Power Big Endian

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    7.08.09.0
  • Red Hat Enterprise Linux For Power Little Endian Eus

    OS
    Redhat
    8.89.09.2
  • Red Hat Enterprise Linux For Scientific Computing

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    8.28.48.69.2
  • Red Hat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

    OS
    Redhat
    8.18.28.48.68.89.09.2
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    8.28.48.68.8
  • Red Hat Enterprise Linux Server Update Services For Sap Solutions

    OS
    Redhat
    9.09.2
  • Red Hat Enterprise Linux Update Services For Sap Solutions

    OS
    Redhat
    8.18.28.48.68.8
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    7.0
  • Red Hat Subscription Manager

    APP
    Redhat
    < 1.28.391.29.0 – 1.29.37 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox