CVE-2017-2663
on github
Published
Severity
CVSS v3:
7.8 HIGH
CVSS v2:
4.6 MEDIUM
Description
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:redhat:subscription-manager:*:*:*:*:*:*:*:* | n/a | 1.19.4 | * |