Convert2Rhel Project Convert2Rhel vulnerabilities

CVE-2022-0852 [MEDIUM] CWE-359 CVE-2022-0852: There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-ma There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it coul

CVE-2022-0851 [MEDIUM] CWE-200 CVE-2022-0851: There is a flaw in convert2rhel There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register

CVE-2022-1662 [MEDIUM] CWE-200 CVE-2022-1662: In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream rep