CVE-2022-0207

CWE-362Race Condition4 documents4 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 81.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Ovirt VdsmRedhat VirtualizationRedhat Virtualization FOR IBM Power Little Endian+1 more
Timeline
PublishedAug 26
Latest updateAug 27

Description

A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

NVDovirt/vdsm4.30.14.50.0.4
CVEListV5vdsmFixed in v4.50.0.4

Patches

Patch: bugzilla.redhat.comPatch: gerrit.ovirt.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-32qr-rh8p-qfq7: A race condition was found in vdsm2022-08-27
CVEList
CVE-2022-0207: A race condition was found in vdsm2022-08-26

📋Vendor Advisories

1
Red Hat
vdsm: disclosure of sensitive values in log files2022-01-11