Sos Project Sos vulnerabilities

CVE-2022-2806 [MEDIUM] CWE-200 CVE-2022-2806: It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixe It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

CVE-2015-7529 [HIGH] CWE-59 CVE-2015-7529: sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

CVE-2015-3171 [MEDIUM] CWE-200 CVE-2015-3171: sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.