CVE-2022-2806

Published: Sep 1, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

Affected (2)

Products: Sos Project: Sos · Ovirt: Log Collector

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sos Project Sos	Before 4.2-20.el8_6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ovirt Log Collector	Before 4.4.7-2.el8ev

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/sosreport/sos/pull/2947

Source: secalert@redhat.com

PatchThird Party Advisory

https://github.com/sosreport/sos/pull/2947

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.