Bug 2190079 (CVE-2023-1786) - CVE-2023-1786 cloud-init: sensitive data could be exposed in logs
Summary: CVE-2023-1786 cloud-init: sensitive data could be exposed in logs
Keywords:
Status: NEW
Alias: CVE-2023-1786
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2190081 2190082 2190083
Blocks: 2190077
TreeView+ depends on / blocked
 
Reported: 2023-04-27 05:31 UTC by Sandipan Roy
Modified: 2023-11-14 15:17 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in cloud-init. With this flaw, exposure of sensitive data is possible in world-readable cloud-init logs. This flaw allows an attacker to use this information to find hashed passwords and possibly escalate their privilege.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6371 0 None None None 2023-11-07 08:14:46 UTC
Red Hat Product Errata RHSA-2023:6943 0 None None None 2023-11-14 15:17:50 UTC

Description Sandipan Roy 2023-04-27 05:31:52 UTC 
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

https://bugs.launchpad.net/cloud-init/+bug/2013967
https://ubuntu.com/security/notices/USN-6042-1
https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b
Comment 1 Sandipan Roy 2023-04-27 05:38:27 UTC 
Created cloud-init tracking bugs for this issue:

Affects: fedora-all [bug 2190082]
Comment 4 errata-xmlrpc 2023-11-07 08:14:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6371 https://access.redhat.com/errata/RHSA-2023:6371
Comment 5 errata-xmlrpc 2023-11-14 15:17:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6943 https://access.redhat.com/errata/RHSA-2023:6943
Note You need to log in before you can comment on or make changes to this bug.