CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2806 – ovirt-log-collector: RHVM admin password is logged unfiltered
https://notcve.org/view.php?id=CVE-2022-2806
01 Sep 2022 — It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev Se ha detectado que ovirt-log-collector/sosreport recoge la contraseña de administrador de RHV sin filtrar. Corregido en: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the lo... • https://github.com/sosreport/sos/pull/2947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3925 – Ubuntu Security Notice USN-2845-1
https://notcve.org/view.php?id=CVE-2014-3925
01 Jun 2014 — sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. sosreport en Red Hat sos 1.7 y versiones anteriores en Red Hat Enterprise Linux (RHEL) 5 produce un archivo con un fichero fstab conteniendo potenci... • http://openwall.com/lists/oss-security/2014/05/29/6 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2664 – sosreport does not blank root password in anaconda plugin
https://notcve.org/view.php?id=CVE-2012-2664
20 Jun 2012 — The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. La utilidad sosreport del paquete sos de Red Hat anteriores a 2.2-29 no elimina información de la contraseña del usuario administrador del archivo de configuración Kickstart (/root/anaconda-ks.cfg) cuando se crea un a... • http://rhn.redhat.com/errata/RHSA-2012-0958.html • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2011-4083 – sos: sosreport is gathering certificate-based RHN entitlement private keys
https://notcve.org/view.php?id=CVE-2011-4083
06 Dec 2011 — The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. La utilidad sosreport en el paquete sos de Red Hat anterior a 1.7-9 y 2.x anterior a 2.2-17 incluye (1) claves de derechos privadas basadas en certificado de Red Hat Network y la (2... • http://rhn.redhat.com/errata/RHSA-2011-1536.html • CWE-310: Cryptographic Issues •