CVE-2023-3899

HIGH

subscription-manager - Privilege Escalation

Title source: llm

Description

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

References (12)

Core 12

Core References

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4701

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4702

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4703

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4704

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4705

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4706

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4707

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:4708

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-3899

Issue Tracking, Vendor Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2225407

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-285 CWE-863

Status published

Products (50)

fedoraproject/fedora 37

fedoraproject/fedora 38

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_eus 8.6

redhat/enterprise_linux_eus 8.8

redhat/enterprise_linux_eus 9.0

redhat/enterprise_linux_eus 9.2

redhat/enterprise_linux_for_arm_64 8.0

... and 40 more

Published Aug 23, 2023

Tracked Since Feb 18, 2026