CVE-2022-2806: Infoleak
First published: Thu Apr 28 2022(Updated: )
A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovirt-log-collector | <0:4.4.7-2.el8e | 0:4.4.7-2.el8e |
| Sos Project Sos | <4.2-20.el8_6 | |
| Ovirt Log Collector | <4.4.7-2.el8ev | |
| redhat/sos | <4.2-20.el8_6 | 4.2-20.el8_6 |
| pip/sosreport | <4.4 | 4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-2806 https://nvd.nist.gov/vuln/detail/CVE-2022-2806
- https://bugzilla.redhat.com/show_bug.cgi?id=2080005
- https://access.redhat.com/errata/RHSA-2022:6393
- https://access.redhat.com/security/cve/cve-2022-2806
- https://github.com/sosreport/sos/pull/2947
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2080005#c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2080005#c7
- https://nvd.nist.gov/vuln/detail/CVE-2022-2806
- https://github.com/sosreport/sos/commit/5fd872c64c53af37015f366295e0c2418c969757
- https://github.com/advisories/GHSA-7pf9-7cff-f854 (Advisory)
Frequently Asked Questions
What is CVE-2022-2806?
CVE-2022-2806 is a vulnerability found in the oVirt Log Collector and SOS report tool, which logs plaintext passwords in the log file, allowing attackers with sufficient privileges to read the log file and access confidential information.
What is the severity of CVE-2022-2806?
CVE-2022-2806 has a severity of medium with a CVSS score of 5.1 (out of 10).
How does CVE-2022-2806 affect the affected software?
CVE-2022-2806 affects the ovirt-log-collector and sos packages with specific versions installed.
How can CVE-2022-2806 be fixed?
To fix CVE-2022-2806, update the affected software versions to the specific remediation versions provided by Red Hat.
Where can I find more information about CVE-2022-2806?
More information about CVE-2022-2806 can be found in the reference links provided by Red Hat.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-2806
- agent/software-canonical-lookup
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7pf9-7cff-f854
- agent/severity
- agent/description
- agent/softwarecombine
- agent/references
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- vendor/sos project
- canonical/sos project sos
- vendor/ovirt
- canonical/ovirt log collector
- package-manager/pip