CVE-2022-2806: Exposure of Sensitive Information to an Unauthorized Actor

September 1, 2022 (updated September 7, 2022)

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

References

github.com/sosreport/sos/pull/2947
nvd.nist.gov/vuln/detail/CVE-2022-2806

Detect and mitigate CVE-2022-2806 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →