Cloud Agent
Approved changes feed: RSS · Atom
cpe:2.3:a:qualys:cloud_agent:4.8.0-49:*:*:*:*:linux:*:*
part: a version: 4.8.0-49 update: *
| Vendor | Qualys (e1377980-03f0-5785-b9ec-b92371704dec) |
|---|---|
| Product | Cloud Agent (7ad50ebe-70f0-5dee-9c1d-c36a0cda2c0b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | linux |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-29550 |
vulnerable | 2026-06-08 05:42:48.483949 |
Details available
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness
Published: 2022-08-18T12:16:18.000Z
Updated: 2024-08-03T06:26:06.296Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.