In convert2rhel's subscription.py file, code to register a system passes the password via the commandline. This could result in disclosure of the password to all users with local access to the system. Reference: 1. https://github.com/oamg/convert2rhel/blob/main/convert2rhel/subscription.py#L156
This issue has been addressed in the following products: Convert2RHEL for RHEL-8 Via RHSA-2022:1599 https://access.redhat.com/errata/RHSA-2022:1599
This issue has been addressed in the following products: Convert2RHEL for RHEL-7 Via RHSA-2022:1617 https://access.redhat.com/errata/RHSA-2022:1617
This issue has been addressed in the following products: Convert2RHEL for RHEL-6 Via RHSA-2022:1618 https://access.redhat.com/errata/RHSA-2022:1618
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0852