sos-collector is vulnerable to information disclosure. Incorrect permissions set on new files created by the sos-collector in /var/tmp directory allows a local attacker to access the files and retrieve confidential information.
CPE | Name | Operator | Version |
---|---|---|---|
sos-collector | eq | 1.4__3.el7 | |
sos-collector | eq | 1.4__3.el7 |
access.redhat.com/errata/RHSA-2018:3663
access.redhat.com/security/cve/CVE-2018-14650
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1633243
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650
github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed