Main Vulnerability Database Vulnerabilities #VU67131

Inclusion of Sensitive Information in Log Files in sos - CVE-2022-2806

Published: September 8, 2022

Vulnerability identifier: #VU67131

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-2806

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: sosreport

Affected software:
sos

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application does not apply encryption or obfuscation for the RHV admin password. An attacker with access to the application can gain access to sensitive information.

How to mitigate CVE-2022-2806

Install updates from vendor's website.

Sources

https://github.com/sosreport/sos/pull/2947
https://bugzilla.redhat.com/show_bug.cgi?id=2080005

Inclusion of Sensitive Information in Log Files in sos - CVE-2022-2806

Detailed vulnerability description

How to mitigate CVE-2022-2806

Sources

Please verify you're human