First published: Wed Apr 26 2023
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Cloud-init | <23.1.2 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Canonical Ubuntu Linux | =22.04 | |
Canonical Ubuntu Linux | =22.10 | |
Canonical Ubuntu Linux | =23.04 | |
Fedoraproject Fedora | =38 | |
debian/cloud-init | <=20.2-2~deb10u2, <=20.4.1-2+deb11u1, <=22.4.2-1 | 23.3.1-1 |
ubuntu/cloud-init | <23.1.2-0ubuntu0~18.04.1 | 23.1.2-0ubuntu0~18.04.1 |
ubuntu/cloud-init | <23.1.2-0ubuntu0~20.04.1 | 23.1.2-0ubuntu0~20.04.1 |
ubuntu/cloud-init | <23.1.2-0ubuntu0~22.04.1 | 23.1.2-0ubuntu0~22.04.1 |
ubuntu/cloud-init | <23.1.2-0ubuntu0~22.10.1 | 23.1.2-0ubuntu0~22.10.1 |
ubuntu/cloud-init | <23.1.2-0ubuntu0~23.04.1 | 23.1.2-0ubuntu0~23.04.1 |
ubuntu/cloud-init | <21.1-19- | 21.1-19- |
ubuntu/cloud-init | <23.2, <23.1.2 | 23.2, 23.1.2 |
CVE-2023-1786 is a vulnerability in cloud-init before version 23.1.2 that could expose sensitive data in logs.
An attacker could use exposed sensitive information in cloud-init logs to find hashed passwords and potentially escalate their privilege.
CVE-2023-1786 has a severity rating of 5.5 (medium).
Cloud-init versions before 23.1.2 are affected by CVE-2023-1786.
To fix CVE-2023-1786, update cloud-init to version 23.1.2 or higher.