VYPR

Sos

by Sos Project

Source repositories

CVEs (3)

  • CVE-2015-7529HigNov 6, 2017
    risk 0.51cvss 7.8epss 0.00

    sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

  • CVE-2015-3171MedJul 25, 2017
    risk 0.29cvss 5.5epss 0.00

    sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

  • CVE-2022-2806Sep 1, 2022
    risk 0.00cvss epss 0.00

    It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev