CVE-2023-1786

Опубликовано: 26 апр. 2023

Источник: debian

EPSS Низкий

Описание

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cloud-init	fixed	23.2-1		package
cloud-init	no-dsa		bookworm	package
cloud-init	no-dsa		bullseye	package
cloud-init	no-dsa		buster	package

Примечания

https://bugs.launchpad.net/cloud-init/+bug/2013967
https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b (23.2)

EPSS

Процентиль: 8%

0.00032

Низкий

Связанные уязвимости

CVE-2023-1786

CVSS3: 5.5

ubuntu

около 2 лет назад

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVE-2023-1786

CVSS3: 5.5

redhat

около 2 лет назад

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVE-2023-1786

CVSS3: 5.5

nvd

около 2 лет назад

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVE-2023-1786

CVSS3: 5.5

msrc

около 2 лет назад

Описание отсутствует

SUSE-SU-2024:0128-1

suse-cvrf

больше 1 года назад

Security update for cloud-init

EPSS

Процентиль: 8%

0.00032

Низкий