CVE-2022-2806
sosreport Exposure of Sensitive Information vulnerability
5.5
MEDIUM
CVSS 3.1
EPSS 0.11%
Description
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
How to fix CVE-2022-2806
To remediate CVE-2022-2806, upgrade the affected package to a fixed version below.
- PyPI/sosreport—upgrade to 4.4 or later
Is CVE-2022-2806 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |