Описание
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 21.1-19-gbad84ad4-0ubuntu1~18.04.1 |
| devel | not-affected | 21.1-19-gbad84ad4-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 21.1-19-gbad84ad4-0ubuntu1~18.04.1 |
| esm-infra/focal | released | 21.1-19-gbad84ad4-0ubuntu1~20.04.1 |
| esm-infra/xenial | released | 21.1-19-gbad84ad4-0ubuntu1~16.04.1 |
| focal | released | 21.1-19-gbad84ad4-0ubuntu1~20.04.1 |
| groovy | released | 21.1-19-gbad84ad4-0ubuntu1~20.10.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
When instructing cloud-init to set a random password for a new user ac ...
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
EPSS
5.5 Medium
CVSS3