Untriaged
CVE-2023-3899
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
References
- RHSA-2023:4701 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4702 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4703 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4704 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4705 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4706 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4707 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4708 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-3899 x_refsource_REDHAT vdb-entry
- RHBZ#2225407 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
Affected products
subscription-manager
- ==1.28.39
- ==1.29.37
- *
Matching in nixpkgs
pkgs.python312Packages.graphql-subscription-manager
Python3 library for graphql subscription manager
- nixos-unstable -
- nixpkgs-unstable 0.7.1
pkgs.python313Packages.graphql-subscription-manager
Python3 library for graphql subscription manager
- nixos-unstable -
- nixpkgs-unstable 0.7.1
Package maintainers
- @dotlambda <nix@dotlambda.de>