FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cloud-init -- sensitive data exposure in cloud-init logs

Affected packages
cloud-init < 23.1.2
cloud-init-devel < 23.1.2

Details

VuXML ID 02562a78-e6b7-11ed-b0ce-b42e991fc52e
Discovery 2023-04-26
Entry 2023-04-29

security@ubuntu.com reports:

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

References

CVE Name CVE-2023-1786
URL https://nvd.nist.gov/vuln/detail/CVE-2023-1786