{"containers": {"cna": {"affected": [{"product": "vdsm", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in v4.50.0.4"}]}], "descriptions": [{"lang": "en", "value": "A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-26T17:25:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.ovirt.org/c/vdsm/+/118025"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-0207"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:42.543Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gerrit.ovirt.org/c/vdsm/+/118025"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-0207"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0207", "datePublished": "2022-08-26T17:25:47", "dateReserved": "2022-01-12T00:00:00", "dateUpdated": "2024-08-02T23:18:42.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "80B03384-9818-41B4-9C3D-B659CDB5F602", "versionEndExcluding": "4.50.0.4", "versionStartIncluding": "4.30.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDE26BBE-BD17-43B4-9C3F-B009F5AD0396", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text."}, {"lang": "es", "value": "Se encontr\u00f3 una condici\u00f3n de carrera en vdsm. Funcionalidad para ofuscar valores sensibles en archivos de registro que puede conllevar a que los valores sean almacenados en texto sin cifrar."}], "id": "CVE-2022-0207", "lastModified": "2024-11-21T06:38:08.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-26T18:15:08.720", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0207"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://gerrit.ovirt.org/c/vdsm/+/118025"}, {"source": "secalert@redhat.com", "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://gerrit.ovirt.org/c/vdsm/+/118025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Milan Zamazal (Red Hat).", "affected_release": [{"advisory": "RHSA-2022:4764", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "vdsm-0:4.50.0.13-1.el8ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-05-26T00:00:00Z"}], "bugzilla": {"description": "vdsm: disclosure of sensitive values in log files", "id": "2039248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-362", "details": ["A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.", "A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text."], "name": "CVE-2022-0207", "public_date": "2022-01-11T10:54:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0207\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0207\nhttps://gerrit.ovirt.org/c/vdsm/+/118025"], "threat_severity": "Low"}