It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HRed Hat Subscription Manager
APPRedhat< 1.19.4
Related vulnerabilities
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate aut...
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permission...
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...