candlepin/subscription-manager on GitHub
A GUI and CLI client for Candlepin
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2017-2663 | 7.8 HIGH | 4.6 MEDIUM | |
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack. | |||
CVE-2016-4455 | 3.3 LOW | 2.1 LOW | |
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. |