The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
Privilege Escalation
Enterprise Linux Desktop
Enterprise Linux Hpc Node
Enterprise Linux Server
Enterprise Linux Workstation
+1
NVD
GitHub
CVSS 3.1
3.3
EPSS
0.0%