Sos Project » SOS : Security Vulnerabilities, CVEs,
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-09-01
Updated
2022-09-07
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-11-06
Updated
2023-02-13
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-07-25
Updated
2019-12-11
3 vulnerabilities found