CVE-2023-1786

CVSS V2 None CVSS V3 None

Description

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Overview

CVE ID
CVE-2023-1786

Assigner
security@ubuntu.com

Vulnerability Status
Received

Published Version
2023-04-26T23:15:08

Last Modified Date
2023-04-26T23:15:08

Weakness Enumerations

CWE	URL
CWE-532	http://cwe.mitre.org/data/definitions/532.html

References

Reference URL	Reference Tags
https://bugs.launchpad.net/cloud-init/+bug/2013967
https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b
https://ubuntu.com/security/notices/USN-6042-1

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-1786
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1786

History

Created	Old Value	New Value	Data Type	Notes
2023-04-27 00:01:14				Added to TrackCVE
2023-04-27 00:01:15			Weakness Enumeration	new