MEDIUM 5.5

GHSA-7pf9-7cff-f854

sosreport Exposure of Sensitive Information vulnerability

상세

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / sosreport

최초 영향 버전: 0 수정 버전: 4.4

수정 pip install --upgrade 'sosreport>=4.4'

참고

https://nvd.nist.gov/vuln/detail/CVE-2022-2806 [ADVISORY]
https://github.com/sosreport/sos/pull/2947 [WEB]
https://github.com/sosreport/sos/commit/5fd872c64c53af37015f366295e0c2418c969757 [WEB]
https://github.com/sosreport/sos [PACKAGE]