MEDIUM 5.5

GHSA-7pf9-7cff-f854

sosreport Exposure of Sensitive Information vulnerability

Details

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / sosreport

Introduced in: 0 Fixed in: 4.4

Fix pip install --upgrade 'sosreport>=4.4'

References

https://nvd.nist.gov/vuln/detail/CVE-2022-2806 [ADVISORY]
https://github.com/sosreport/sos/pull/2947 [WEB]
https://github.com/sosreport/sos/commit/5fd872c64c53af37015f366295e0c2418c969757 [WEB]
https://github.com/sosreport/sos [PACKAGE]