Advisory ROSA-SA-2025-3009

software: sos 4.10.0 WASP: ROSA-CHROME unaffected versions = sos-4.10.0-1 affected versions sos-4.10.0-1 CVE-ID: CVE-2022-2806 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: ovirt-log-collector/sosreport collects RHV admin password in plaintext. CVE-STATUS: The vulnerability has been...

GHSA-7PF9-7CFF-F854 sosreport Exposure of Sensitive Information vulnerability

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el86, ovirt-log-collector-4.4.7-2.el8ev...

CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date...

PYSEC-2017-73

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date...

sosreport information disclosure vulnerability

sosreport is a set of tools for collecting log information on all systems. The tool supports automatic zipping of the collected information into a compressed package and provides MD5 checksums. A security vulnerability exists in sosreport version 3.2, which stems from the program assigning weak...

USN-2845-1 sosreport vulnerabilities

Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. CVE-2014-3925 Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacke...