CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
Provider | Type | Base Score (CVSS 3.x) | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score: percentile 11%
Affected Products (NVD)

Vendor | Product | Version
redhat | subscription-manager | x < 1.28.39
redhat | subscription-manager | 1.29.0 ≤ x < 1.29.37
redhat | enterprise_linux | 8.0
redhat | enterprise_linux | 9.0
redhat | enterprise_linux_desktop | 7.0
redhat | enterprise_linux_eus | 8.6
redhat | enterprise_linux_eus | 8.8
redhat | enterprise_linux_eus | 9.0
redhat | enterprise_linux_eus | 9.2
redhat | enterprise_linux_for_arm_64 | 8.0
redhat | enterprise_linux_for_arm_64 | 9.0
redhat | enterprise_linux_for_arm_64 | 9.2
redhat | enterprise_linux_for_arm_64_eus | 8.6
redhat | enterprise_linux_for_arm_64_eus | 8.8
redhat | enterprise_linux_for_arm_64_eus | 9.0
redhat | enterprise_linux_for_arm_64_eus | 9.2
redhat | enterprise_linux_for_ibm_z_systems | 7.0
redhat | enterprise_linux_for_ibm_z_systems | 8.0
redhat | enterprise_linux_for_ibm_z_systems | 9.0
redhat | enterprise_linux_for_ibm_z_systems | 9.2
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8
redhat | enterprise_linux_for_ibm_z_systems_eus | 9.0
redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2
redhat | enterprise_linux_for_power_big_endian | 7.0
redhat | enterprise_linux_for_power_little_endian | 7.0
redhat | enterprise_linux_for_power_little_endian | 8.0
redhat | enterprise_linux_for_power_little_endian | 9.0
redhat | enterprise_linux_for_power_little_endian_eus | 8.8
redhat | enterprise_linux_for_power_little_endian_eus | 9.0
redhat | enterprise_linux_for_power_little_endian_eus | 9.2
redhat | enterprise_linux_for_scientific_computing | 7.0
redhat | enterprise_linux_server | 7.0
redhat | enterprise_linux_server_aus | 8.2
redhat | enterprise_linux_server_aus | 8.4
redhat | enterprise_linux_server_aus | 8.6
redhat | enterprise_linux_server_aus | 9.2
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.8
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2
redhat | enterprise_linux_server_tus | 8.2
redhat | enterprise_linux_server_tus | 8.4
redhat | enterprise_linux_server_tus | 8.6
redhat | enterprise_linux_server_tus | 8.8
redhat | enterprise_linux_server_update_services_for_sap_solutions | 9.0
redhat | enterprise_linux_server_update_services_for_sap_solutions | 9.2
redhat | enterprise_linux_update_services_for_sap_solutions | 8.1
redhat | enterprise_linux_update_services_for_sap_solutions | 8.2
redhat | enterprise_linux_update_services_for_sap_solutions | 8.4
redhat | enterprise_linux_update_services_for_sap_solutions | 8.6
redhat | enterprise_linux_update_services_for_sap_solutions | 8.8
redhat | enterprise_linux_workstation | 7.0

x = vulnerable software versions
Red Hat Enterprise Linux Releases

Red Hat Product | Release | Fixed version | State
dnf-plugin-subscription-manager | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
dnf-plugin-subscription-manager | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
dnf-plugin-subscription-manager | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
dnf-plugin-subscription-manager | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
dnf-plugin-subscription-manager | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
dnf-plugin-subscription-manager | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
dnf-plugin-subscription-manager | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
dnf-plugin-subscription-manager | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
dnf-plugin-subscription-manager | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
dnf-plugin-subscription-manager | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
dnf-plugin-subscription-manager | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
dnf-plugin-subscription-manager | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
dnf-plugin-subscription-manager | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
dnf-plugin-subscription-manager | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
dnf-plugin-subscription-manager | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
dnf-plugin-subscription-manager | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
libdnf-plugin-subscription-manager | RHEL 9 | 0:1.29.33.1-2.el9_2 | fixed
python-syspurpose | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
python3-cloud-what | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
python3-cloud-what | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
python3-cloud-what | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
python3-cloud-what | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
python3-cloud-what | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
python3-cloud-what | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
python3-cloud-what | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
python3-cloud-what | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
python3-cloud-what | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
python3-cloud-what | RHEL 9 | 0:1.29.33.1-2.el9_2 | fixed
python3-subscription-manager-rhsm | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
python3-subscription-manager-rhsm | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
python3-subscription-manager-rhsm | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
python3-subscription-manager-rhsm | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
python3-subscription-manager-rhsm | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
python3-subscription-manager-rhsm | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
python3-subscription-manager-rhsm | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
python3-subscription-manager-rhsm | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
python3-subscription-manager-rhsm | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
python3-subscription-manager-rhsm | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
python3-subscription-manager-rhsm | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
python3-subscription-manager-rhsm | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
python3-subscription-manager-rhsm | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
python3-subscription-manager-rhsm | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
python3-subscription-manager-rhsm | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
python3-subscription-manager-rhsm | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
python3-subscription-manager-rhsm | RHEL 9 | 0:1.29.33.1-2.el9_2 | fixed
python3-syspurpose | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
python3-syspurpose | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
python3-syspurpose | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
python3-syspurpose | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
python3-syspurpose | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
python3-syspurpose | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
python3-syspurpose | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
python3-syspurpose | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
python3-syspurpose | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
python3-syspurpose | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
python3-syspurpose | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
python3-syspurpose | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
python3-syspurpose | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
python3-syspurpose | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
python3-syspurpose | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
python3-syspurpose | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
rhsm-gtk | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
rhsm-gtk | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
rhsm-gtk | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
rhsm-gtk | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
rhsm-gtk | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
rhsm-gtk | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
rhsm-gtk | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
rhsm-gtk | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
rhsm-gtk | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
rhsm-gtk | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
rhsm-gtk | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
rhsm-gtk | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
rhsm-gtk | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
rhsm-gtk | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
rhsm-gtk | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
rhsm-gtk | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
rhsm-gtk | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
rhsm-icons | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
rhsm-icons | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
rhsm-icons | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
rhsm-icons | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
rhsm-icons | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
rhsm-icons | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
rhsm-icons | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
rhsm-icons | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
rhsm-icons | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
rhsm-icons | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
rhsm-icons | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
rhsm-icons | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
rhsm-icons | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
rhsm-icons | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
rhsm-icons | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
subscription-manager | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
subscription-manager | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
subscription-manager | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
subscription-manager | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager | RHEL 9 | 0:1.29.33.1-2.el9_2 | fixed
subscription-manager-cockpit | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-cockpit | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
subscription-manager-cockpit | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager-cockpit | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-cockpit | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
subscription-manager-cockpit | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-cockpit | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-cockpit | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
subscription-manager-cockpit | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-cockpit | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-cockpit | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-cockpit | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-cockpit | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-cockpit | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-cockpit | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
subscription-manager-cockpit | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-cockpit | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-gui | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-initial-setup-addon | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-initial-setup-addon | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
subscription-manager-initial-setup-addon | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager-initial-setup-addon | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-initial-setup-addon | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
subscription-manager-initial-setup-addon | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-initial-setup-addon | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-initial-setup-addon | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
subscription-manager-initial-setup-addon | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-initial-setup-addon | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-initial-setup-addon | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-initial-setup-addon | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-initial-setup-addon | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-initial-setup-addon | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-initial-setup-addon | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
subscription-manager-initial-setup-addon | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-initial-setup-addon | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-migration | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-migration | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
subscription-manager-migration | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager-migration | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-migration | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
subscription-manager-migration | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-migration | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-migration | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
subscription-manager-migration | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-migration | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-migration | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-migration | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-migration | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-migration | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-migration | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
subscription-manager-migration | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-migration | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-plugin-container | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-plugin-container | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager-plugin-ostree | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-plugin-ostree | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
subscription-manager-plugin-ostree | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager-plugin-ostree | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-plugin-ostree | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
subscription-manager-plugin-ostree | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-plugin-ostree | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-plugin-ostree | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
subscription-manager-plugin-ostree | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-plugin-ostree | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-plugin-ostree | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-plugin-ostree | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-plugin-ostree | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-plugin-ostree | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-plugin-ostree | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
subscription-manager-plugin-ostree | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-plugin-ostree | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-plugin-ostree | RHEL 9 | 0:1.29.33.1-2.el9_2 | fixed
subscription-manager-rhsm | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-rhsm-certificates | RHEL 7 | 0:1.24.52-2.el7_9 | fixed
subscription-manager-rhsm-certificates | RHEL 8 | 0:1.28.36-3.el8_8 | fixed
subscription-manager-rhsm-certificates | RHEL 8.1 E4S | 0:1.25.17.1-2.el8_1 | fixed
subscription-manager-rhsm-certificates | RHEL 8.2 AUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-rhsm-certificates | RHEL 8.2 E4S | 0:1.26.22-2.el8_2 | fixed
subscription-manager-rhsm-certificates | RHEL 8.2 TUS | 0:1.26.22-2.el8_2 | fixed
subscription-manager-rhsm-certificates | RHEL 8.4 AUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-rhsm-certificates | RHEL 8.4 E4S | 0:1.28.13-7.el8_4 | fixed
subscription-manager-rhsm-certificates | RHEL 8.4 TUS | 0:1.28.13-7.el8_4 | fixed
subscription-manager-rhsm-certificates | RHEL 8.6 AUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-rhsm-certificates | RHEL 8.6 E4S | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-rhsm-certificates | RHEL 8.6 EUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-rhsm-certificates | RHEL 8.6 TUS | 0:1.28.29.1-2.el8_6 | fixed
subscription-manager-rhsm-certificates | RHEL 8.8 AUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-rhsm-certificates | RHEL 8.8 E4S | 0:1.28.36-3.el8_8 | fixed
subscription-manager-rhsm-certificates | RHEL 8.8 EUS | 0:1.28.36-3.el8_8 | fixed
subscription-manager-rhsm-certificates | RHEL 8.8 TUS | 0:1.28.36-3.el8_8 | fixed