CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2806 – ovirt-log-collector: RHVM admin password is logged unfiltered
https://notcve.org/view.php?id=CVE-2022-2806
01 Sep 2022 — It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev Se ha detectado que ovirt-log-collector/sosreport recoge la contraseña de administrador de RHV sin filtrar. Corregido en: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the lo... • https://github.com/sosreport/sos/pull/2947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3171
https://notcve.org/view.php?id=CVE-2015-3171
25 Jul 2017 — sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. sosreport versión 3.2, utiliza permisos débiles para los archivos de sosreport generados, lo que permite a los usuarios locales con acceso a /var/tmp/ obtener información confidencial mediante la lectura del contenido del archivo. • https://bugzilla.redhat.com/show_bug.cgi?id=1218658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2015-7529 – sos: Usage of predictable temporary files allows privilege escalation
https://notcve.org/view.php?id=CVE-2015-7529
18 Dec 2015 — sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. sosreport en las versiones 3.x de SoS permite que usuarios locales ibtengan información sensible de archivos sosreport u obtener privilegios mediante un ataque de vínculo simbólico o un archivo de archivado en un directorio temporal. Esto lo demuestr... • http://rhn.redhat.com/errata/RHSA-2016-0152.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •