CVE-2022-2806 – ovirt-log-collector: RHVM admin password is logged unfiltered
https://notcve.org/view.php?id=CVE-2022-2806
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality.
References:
• https://github.com/sosreport/sos/pull/2947
• https://access.redhat.com/security/cve/CVE-2022-2806
• https://bugzilla.redhat.com/show_bug.cgi?id=2080005
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2664 – sosreport does not blank root password in anaconda plugin
https://notcve.org/view.php?id=CVE-2012-2664
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
References:
• http://rhn.redhat.com/errata/RHSA-2012-0958.html
• http://rhn.redhat.com/errata/RHSA-2013-1121.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.securityfocus.com/bid/54116
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76468
• https://access.redhat.com/security/cve/CVE-2012-2664
• https://bugzilla.redhat.com/show_bug.cgi?id=826884
Weakness: CWE-255: Credentials Management Errors
CVE-2011-4083 – sos: sosreport is gathering certificate-based RHN entitlement private keys
https://notcve.org/view.php?id=CVE-2011-4083
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) certificate-based Red Hat Network private entitlement keys and (2) the private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.
References:
• http://rhn.redhat.com/errata/RHSA-2011-1536.html
• http://rhn.redhat.com/errata/RHSA-2012-0153.html
• https://access.redhat.com/security/cve/CVE-2011-4083
• https://bugzilla.redhat.com/show_bug.cgi?id=749383
Weakness: CWE-310: Cryptographic Issues