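Vulnerability Title
N/A
Vulnerability Description
**DISPUTED** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write passwords (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by other users; however, the file contents could be exposed through specific operational practices. The vendor does not characterize this issue as a vulnerability because the ps data collection is intentional and would only capture passwords on machines already affected by the CWE-214 weakness.
CVSS Information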
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness.
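CVSS Information
N/A
Vulnerability Category
N/A
Vulnerability Title
Qualys Cloud Agent Log Information Disclosure Vulnerability
Vulnerability Description
Qualys Cloud Agent is a lightweight application from Qualys, a US company, that serves as a single agent for real-time, global visibility and response. Qualys Cloud Agent version 4.8.0-49 has a security vulnerability that stems from unexpectedly writing credentials (from environment variables) to disk in cleartext.
CVSS Information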
N/A
Vulnerability Category
Log information disclosure