exploitDog

CVE-2023-5182

Опубликовано: 07 окт. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.

Ссылки

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
Patch
Third Party Advisory
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
Patch
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
Patch
Third Party Advisory
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*

Версия до 23.09.1 (включая)

EPSS

Процентиль: 9%

0.00032

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-532

CWE-532

Связанные уязвимости

CVE-2023-5182

CVSS3: 5.5

ubuntu

больше 2 лет назад

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.

GHSA-9j7r-mqx9-67mv

CVSS3: 5.5

github

больше 2 лет назад

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.

EPSS

Процентиль: 9%

0.00032

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-532

CWE-532