
Security Advisory

Possible information disclosure for Qualys Cloud Agent for Linux

Advisory ID: Q-PSA-2022-02
CVE ID: CVE-2022-29550
Published: 2022-08-15
Last Update: 2022-08-15
CWE: CWE-312 (Cleartext Storage of Sensitive Information), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

Risk Factor

                          NVD Risk Rating                          Qualys Risk Rating
CVSSv3.1 Score            5.5, Medium                              Unchanged
CVSSv3.1 Vector (Base)    AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H      Unchanged

Description

When the logging level is configured to trace, Qualys Cloud Agent for Linux writes the output of the ps auxwwe command to /var/log/qualys/qualys-cloud-agent-scan.log. The e option makes ps print each process's environment after its command line, so any credentials or other secrets that the customer has placed in process environment variables are written to the log together with the process list. Customers often need trace-level logging for troubleshooting, which is how this exposure can occur unexpectedly.

NOTE: qualys-cloud-agent-scan.log is readable only by the root user on the system, so reading it on the host already requires root. A copy of the log that leaves the host (for example, one shipped to a central log collector or attached to a support case) does not carry that protection.
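The following POSIX shell script is an added example and is not Qualys code. It shows the practical check a responder would want after reading the description above: scan a scan-log file for ps auxwwe lines that carry secret-looking NAME=value pairs, count them, and emit a redacted copy that can be shared safely. The sample log content, the variable-name patterns and the SCAN_LOG variable are constructed for illustration; only the log path matches the advisory.

```shell
#!/bin/sh
# Added example, not Qualys code: scan an agent log for environment-variable
# dumps that look like secrets, and produce a redacted copy. The line layout
# and the secret-name patterns below are assumptions for illustration.

# Write a constructed sample log that imitates trace-level output containing
# `ps auxwwe` lines (the `e` flag appends each process's environment to its
# command line). The content is made up; "hunter2" etc. are fake values.
make_sample_log() {
  cat > "$1" <<'EOF'
2022-08-15 10:00:01 [trace] running: ps auxwwe
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1234 567 ? Ss 10:00 0:00 /sbin/init PATH=/usr/sbin:/usr/bin
app 4242 0.5 2.0 99999 8888 ? Sl 10:00 0:01 /usr/bin/node server.js HOME=/home/app DB_PASSWORD=hunter2 AWS_SECRET_ACCESS_KEY=ExampleSecret123
app 4243 0.0 0.1 2222 333 ? S 10:00 0:00 /bin/sh LANG=C.UTF-8
EOF
}

# Variable-name fragments that usually mark a secret (assumed list; extend it).
SECRET_NAME_RE='(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|ACCESS_KEY|PRIVATE_KEY)'

# Print every log line that carries a NAME=value pair whose NAME looks secret.
find_secret_env_lines() {
  grep -E "(^|[[:space:]])[A-Z0-9_]*${SECRET_NAME_RE}[A-Z0-9_]*=" "$1"
}

# Number of such lines (0 when the log is clean).
count_secret_env_lines() {
  find_secret_env_lines "$1" | wc -l | tr -d ' '
}

# Emit the log with the value of every secret-looking variable replaced,
# so a copy can be shared (e.g. in a support case) without the credentials.
redact_secret_env_values() {
  sed -E "s/([A-Z0-9_]*${SECRET_NAME_RE}[A-Z0-9_]*=)[^[:space:]]+/\1[REDACTED]/g" "$1"
}

# Stand-alone run: build the sample, report, and show the redacted copy.
# To check a real host, run as root with the advisory's log path:
#   SCAN_LOG=/var/log/qualys/qualys-cloud-agent-scan.log sh scan_log_secrets.sh
if [ -z "$SCAN_LOG" ]; then
  SCAN_LOG=$(mktemp)
  make_sample_log "$SCAN_LOG"
fi
echo "secret-looking env lines: $(count_secret_env_lines "$SCAN_LOG")"
redact_secret_env_values "$SCAN_LOG"
```

The name-based patterns catch the common case (variables named for passwords, tokens and keys) but not secrets stored under innocuous names, so treat a count of zero as "nothing obvious", not as proof the log is clean; when trace logging was enabled on a host, rotating the credentials that were in the environment of long-running processes is the safer response.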

Solution

The default logging level of Qualys Cloud Agent for Linux is set to Informational. At that level the output of ps auxwwe is not written to qualys-cloud-agent-scan.log. Qualys documentation has been updated to help customers choose an appropriate logging level and to describe the related security considerations. Customers who raised the level to trace for troubleshooting should return it to Informational once troubleshooting is complete and review any trace-level logs that were produced for exposed secrets.

Affected Products

Qualys Cloud Agent for Linux

Severity Considerations

Not applicable

Acknowledgments

Unqork Security Team (Justin Borland, Daniel Wood, David Heise, Bryan Li)
