sosreport
PyPI | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sosreport
- CVE-2015-3171 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in d7759d3ddae5fe99a340c88a1d370d65cfa73fd6 | 2017-07-25
vulnerable: 3.2, 3.2.0a1
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
- CVE-2015-7529 | HIGH | CVSS 7.8 | EG 7.8 | 2017-11-06
vulnerable: 3.2, 3.2.0a1
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosr…
- CVE-2022-2806 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 4.4 | 2022-09-01
vulnerable: 3.2, 3.2.0a1
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev