Showing 1 - 1 of 1

CVE-2022-29550

Status Candidate

Overview

** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness.

Related Files

Qualys Cloud Agent Arbitrary Code Execution: Posted Sep 13, 2022; Authored by Daniel Wood; The Unqork Security team discovered multiple security vulnerabilities in the Qualys Cloud Agent including arbitrary code execution.; tags | advisory, arbitrary, vulnerability, code execution; advisories | CVE-2022-29549, CVE-2022-29550; SHA-256 | e2c9e183d9efb492bf157d76459e57b295f95b0dba1e6cdfd21218a957fbac87; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 267 files
indoushka 178 files
Jay Turla 150 files
Ubuntu 74 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 24 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,591)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,312)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,885)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,861)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

CVE-2022-29550

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems