CVE-2023-1786

Опубликовано: 27 апр. 2023

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

A vulnerability was found in cloud-init. With this flaw, exposure of sensitive data is possible in world-readable cloud-init logs. This flaw allows an attacker to use this information to find hashed passwords and possibly escalate their privilege.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	cloud-init	Out of support scope
Red Hat Enterprise Linux 7	cloud-init	Out of support scope
Red Hat Enterprise Linux 8	cloud-init	Fixed	RHSA-2023:6943	14.11.2023
Red Hat Enterprise Linux 9	cloud-init	Fixed	RHSA-2023:6371	07.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=2190079cloud-init: sensitive data could be exposed in logs

EPSS

Процентиль: 8%

0.00032

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-1786

CVSS3: 5.5

ubuntu

около 2 лет назад

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVE-2023-1786

CVSS3: 5.5

nvd

около 2 лет назад

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVE-2023-1786

CVSS3: 5.5

msrc

около 2 лет назад

Описание отсутствует

CVE-2023-1786

CVSS3: 5.5

debian

около 2 лет назад

Sensitive data could be exposed in logs of cloud-init before version 2 ...

SUSE-SU-2024:0128-1

suse-cvrf

больше 1 года назад

Security update for cloud-init

EPSS

Процентиль: 8%

0.00032

Низкий

5.5 Medium

CVSS3