Main Vulnerability Database Vulnerabilities #VU67131

#VU67131 Inclusion of Sensitive Information in Log Files in sos - CVE-2022-2806

Published: September 8, 2022

Vulnerability identifier: #VU67131

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-2806

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
sos

Software vendor:
sosreport

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application does not apply encryption or obfuscation for the RHV admin password. An attacker with access to the application can gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://github.com/sosreport/sos/pull/2947
https://bugzilla.redhat.com/show_bug.cgi?id=2080005

#VU67131 Inclusion of Sensitive Information in Log Files in sos - CVE-2022-2806

Description

Remediation

External links

Please verify you're human