First published: Fri Oct 06 2023
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Subiquity | <=23.09.1 |
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
The vulnerability ID for this issue is CVE-2023-5182.
The severity of CVE-2023-5182 is medium with a CVSS score of 5.5.
An attacker in the adm group could exploit this vulnerability to find hashed passwords and possibly escalate their privilege.
Subiquity versions 23.09.1 and earlier are affected by this vulnerability.
A fix for this vulnerability is available in the latest version of subiquity.
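To check whether log files left on a system contain password hashes of the kind described above, the following added example (not part of the advisory and not subiquity code) scans log text for crypt(3)-style hash strings, redacts them in its output, and flags files readable beyond their owner. The sample log lines and the hash are constructed, and the directory to scan is supplied by the operator because the advisory does not name the log paths.

```python
import re
import stat
import sys
from pathlib import Path

# crypt(3) modular format: $id$[params$]salt$hash. IDs covered: MD5 (1),
# bcrypt (2a/2b/2y), SHA-256 (5), SHA-512 (6), yescrypt (y).
CRYPT_RE = re.compile(
    r"\$(?:1|2[aby]|5|6|y)\$(?:[A-Za-z0-9./=,]+\$){1,3}[A-Za-z0-9./]{20,}")

# Constructed sample input; the hash is a placeholder, not a real one.
FAKE_HASH = "$6$constructedsalt$" + "A" * 86
SAMPLE_LOG = "\n".join([
    "2023-10-06 10:00:01 INFO starting install",
    "2023-10-06 10:00:02 DEBUG identity: {'password': '" + FAKE_HASH + "'}",
    "2023-10-06 10:00:03 INFO two items cost $5 and $6",
])

def find_hashes(text):
    """Return (line_number, redacted_line) for each line holding a hash."""
    return [(n, CRYPT_RE.sub("<REDACTED-HASH>", line))
            for n, line in enumerate(text.splitlines(), 1)
            if CRYPT_RE.search(line)]

def readable_beyond_owner(mode):
    """True if group or other has read permission (e.g. a 0640 log file)."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def scan_dir(log_dir):
    """Scan files under log_dir as text; rotated .gz logs need decompressing first."""
    report = {}
    for path in Path(log_dir).rglob("*"):
        try:
            if not path.is_file():
                continue
            mode = path.stat().st_mode
            text = path.read_text(errors="replace")
        except OSError:
            continue  # not readable by the user running the audit
        hits = find_hashes(text)
        if hits:
            report[str(path)] = {"exposed": readable_beyond_owner(mode), "hits": hits}
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:  # the log directory is supplied by the operator
        for path, info in scan_dir(sys.argv[1]).items():
            flag = "group/other-readable" if info["exposed"] else "owner-only"
            for n, line in info["hits"]:
                print(f"{path}:{n} [{flag}] {line}")
    else:
        for n, line in find_hashes(SAMPLE_LOG):
            print(f"sample:{n} {line}")
```

Any hash the scan finds should be treated as disclosed: rotate the affected password and remove or restrict the log file.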