CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2806 – ovirt-log-collector: RHVM admin password is logged unfiltered
https://notcve.org/view.php?id=CVE-2022-2806
01 Sep 2022 — It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev Se ha detectado que ovirt-log-collector/sosreport recoge la contraseña de administrador de RHV sin filtrar. Corregido en: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the lo... • https://github.com/sosreport/sos/pull/2947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2011-4083 – sos: sosreport is gathering certificate-based RHN entitlement private keys
https://notcve.org/view.php?id=CVE-2011-4083
17 Feb 2014 — The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. La utilidad sosreport en el paquete sos de Red Hat anterior a 1.7-9 y 2.x anterior a 2.2-17 incluye (1) claves de derechos privadas basadas en certificado de Red Hat Network y la (2... • http://rhn.redhat.com/errata/RHSA-2011-1536.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2664 – sosreport does not blank root password in anaconda plugin
https://notcve.org/view.php?id=CVE-2012-2664
29 Jun 2012 — The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. La utilidad sosreport del paquete sos de Red Hat anteriores a 2.2-29 no elimina información de la contraseña del usuario administrador del archivo de configuración Kickstart (/root/anaconda-ks.cfg) cuando se crea un a... • http://rhn.redhat.com/errata/RHSA-2012-0958.html • CWE-255: Credentials Management Errors •