CVE-2022-1662
MEDIUMconvert2rhel - Unauthorized Password Exposure via CLI Argument
Title source: llmDescription
In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2083851
Scores
CVSS v3
5.5
EPSS
0.0020
EPSS Percentile
10.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
convert2rhel_project/convert2rhel
0.24
convert2rhel_project/convert2rhel
0.25
Published
Jul 14, 2022
Tracked Since
Feb 18, 2026