CVE-2022-29550 - Vulnerability Details

Vendors	Products
Qualys	Cloud Agent

Link	Providers
http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Sep/10
https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux
https://blog.qualys.com/vulnerabilities-threat-research

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes \"ps auxwwe\" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T17:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.qualys.com/vulnerabilities-threat-research"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"}, {"name": "20220912 Multiple vulnerabilities discovered in Qualys Cloud Agent", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2022/Sep/10"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-29550", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes \"ps auxwwe\" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.qualys.com/vulnerabilities-threat-research", "refsource": "MISC", "url": "https://blog.qualys.com/vulnerabilities-threat-research"}, {"name": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux", "refsource": "MISC", "url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"}, {"name": "20220912 Multiple vulnerabilities discovered in Qualys Cloud Agent", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Sep/10"}, {"name": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:26:06.296Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.qualys.com/vulnerabilities-threat-research"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"}, {"name": "20220912 Multiple vulnerabilities discovered in Qualys Cloud Agent", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Sep/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29550", "datePublished": "2022-08-18T12:16:18", "dateReserved": "2022-04-21T00:00:00", "dateUpdated": "2024-08-03T06:26:06.296Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualys:cloud_agent:4.8.0-49:*:*:*:*:linux:*:*", "matchCriteriaId": "EE1CD51C-0C69-4381-8834-DC7D9C1FB0A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes \"ps auxwwe\" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha detectado un problema en Qualys Cloud Agent versi\u00f3n 4.8.0-49. Escribe la salida \"ps auxwwe\" en el archivo /var/log/qualys/qualys-cloud-agent-scan.log. Esto puede, por ejemplo, escribir inesperadamente las credenciales (de las variables de entorno) en el disco en texto sin cifrar. NOTA: no se presentan circunstancias comunes en las que qualys-cloud-agent-scan.log pueda ser le\u00eddo por un usuario que no sea root; sin embargo, el contenido del archivo podr\u00eda estar expuesto mediante pr\u00e1cticas operativas espec\u00edficas del sitio. El proveedor NO caracteriza esto como una vulnerabilidad porque la recolecci\u00f3n de datos ps es intencional, y s\u00f3lo capturar\u00eda credenciales en una m\u00e1quina que ya estuviera afectada por la debilidad CWE-214."}], "id": "CVE-2022-29550", "lastModified": "2024-11-21T06:59:18.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-18T13:15:07.957", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Sep/10"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://blog.qualys.com/vulnerabilities-threat-research"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Sep/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://blog.qualys.com/vulnerabilities-threat-research"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object