CVE-2022-2806

MEDIUM5.5EPSS 0.11%

sosreport Exposure of Sensitive Information vulnerability

發布日:2022/9/2修改日:2024/4/10

描述

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

受影響套件(1)

PyPI/sosreportfrom 0, < 4.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2806
PATCHhttps://github.com/sosreport/sos
WEBhttps://github.com/sosreport/sos/commit/5fd872c64c53af37015f366295e0c2418c969757
WEBhttps://github.com/sosreport/sos/pull/2947