Bug 2083851 (CVE-2022-1662)
Summary: | CVE-2022-1662 convert2rhel: ansible playbook passes credentials to convert2rhel via CLI | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Todd Cullum <tcullum> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | mbocek, tkuratom |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | convert2rhel 0.26 Vivi | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running. |
Last Closed: | 2022-05-12 06:15:16 UTC | Type: | --- |
Bug Blocks: | 2054854, 2083859 |
Description
Todd Cullum
2022-05-10 19:33:05 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1662