CVE-2022-2806Sensitive Information Exposure in LOG Collector

CWE-200Sensitive Information ExposureCWE-908Use of Uninitialized Resource10 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 70.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ovirt LOG CollectorSOS Project SOS
Timeline
PublishedSep 1
Latest updateFeb 26

Description

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDovirt/log_collector< 4.4.7-2.el8ev
NVDsos_project/sos< 4.2-20.el8_6

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
sosreport Exposure of Sensitive Information vulnerability2022-09-02
GHSA
sosreport Exposure of Sensitive Information vulnerability2022-09-02
OSV
CVE-2022-2806: It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered2022-09-01
CVEList
CVE-2022-2806: It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered2022-09-01

📋Vendor Advisories

4
Red Hat
kernel: tipc: check attribute length for bearer name2025-02-26
Ubuntu
SoS vulnerability2022-09-26
Microsoft
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6 ovirt-log-collector-4.4.7-2.el8ev2022-09-13
Red Hat
ovirt-log-collector: RHVM admin password is logged unfiltered2022-05-27
CVE-2022-2806 — Sensitive Information Exposure | cvebase