Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Convert2RHEL 信息泄露漏洞
Vulnerability Description
Convert2RHEL是一个工具。将 Oracle/CentOS/Scientific/Rocky/Alma Linux 自动转换为 Red Hat Enterprise Linux。 Convert2RHEL 存在安全漏洞,该漏洞源于应用 --activationkey 选项与 convert2rhel 一起使用时,激活密钥随后通过命令行传递给订阅管理器。本地的未经授权的用户通过进程命令行利用该漏洞查看激活密钥。
CVSS Information
N/A
Vulnerability Type
N/A