GHSA-7pf9-7cff-f854

Source

https://github.com/advisories/GHSA-7pf9-7cff-f854

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7pf9-7cff-f854/GHSA-7pf9-7cff-f854.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-7pf9-7cff-f854

Aliases

CVE-2022-2806

Published

2022-09-02T00:01:01Z

Modified

2024-04-10T19:12:55.767360Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

sosreport Exposure of Sensitive Information vulnerability

Details

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed_at": "2024-04-08T19:03:02Z",
    "severity": "MODERATE",
    "nvd_published_at": "2022-09-01T21:15:00Z",
    "github_reviewed": true
}

References

Affected packages

PyPI / sosreport

Package

Name: sosreport; View open source insights on deps.dev
Purl: pkg:pypi/sosreport

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4

Affected versions

3.*

3.2.0a1

3.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7pf9-7cff-f854/GHSA-7pf9-7cff-f854.json"