Privilege Context Switching Error

CVE-2017-2663

High

8.2/10

Summary

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-270 - Privilege Context Switching Error

The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

References

Advisory Timeline

Published Jul 27, 2018

Privilege Context Switching Error

CVE-2017-2663

Summary

CWE-270 - Privilege Context Switching Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS