CVE Vulnerabilities

CVE-2022-2806

Published: Sep 01, 2022 | Modified: Sep 07, 2022
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
5.1 MODERATE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

Affected Software

Name Vendor Start Version End Version
Sos Sos_project * 4.2-20.el8_6 (excluding)
Red Hat Virtualization Engine 4.4 RedHat ovirt-log-collector-0:4.4.7-2.el8ev *
Sosreport Ubuntu bionic *
Sosreport Ubuntu esm-infra/bionic *
Sosreport Ubuntu esm-infra/xenial *
Sosreport Ubuntu focal *
Sosreport Ubuntu jammy *
Sosreport Ubuntu trusty *
Sosreport Ubuntu trusty/esm *
Sosreport Ubuntu upstream *
Sosreport Ubuntu xenial *

References