What is the vulnerability ID for this cloud-init vulnerability?

The vulnerability ID for this cloud-init vulnerability is USN-6042-1.

What is the description of the cloud-init vulnerability?

The cloud-init vulnerability allows sensitive data to be exposed in logs, which could potentially be used to find hashed passwords and escalate privileges.

Which software versions are affected by this cloud-init vulnerability?

The cloud-init vulnerability affects versions 23.1.2-0ubuntu0~23.04.1, 23.1.2-0ubuntu0~22.10.1, 23.1.2-0ubuntu0~22.04.1, 23.1.2-0ubuntu0~20.04.1, 23.1.2-0ubuntu0~18.04.1, and 21.1-19-gbad84ad4-0ubuntu1~16.04.4 of cloud-init on Ubuntu.

How can an attacker exploit this cloud-init vulnerability?

An attacker can exploit this cloud-init vulnerability by using the exposed sensitive data in the logs to find hashed passwords and potentially escalate their privilege.

How can I fix the cloud-init vulnerability?

To fix the cloud-init vulnerability, update to version 23.1.2-0ubuntu0~23.04.1 or later using the provided remedy.

Vulnerability/
USN-6042-1

26/4/2023

USN-6042-1: Cloud-init vulnerability

First published: Wed Apr 26 2023(Updated: )

James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Affected Software	Affected Version	How to fix
All of
ubuntu/cloud-init	<23.1.2-0ubuntu0~23.04.1	23.1.2-0ubuntu0~23.04.1
	=23.04
All of
ubuntu/cloud-init	<23.1.2-0ubuntu0~22.10.1	23.1.2-0ubuntu0~22.10.1
	=22.10
All of
ubuntu/cloud-init	<23.1.2-0ubuntu0~22.04.1	23.1.2-0ubuntu0~22.04.1
	=22.04
All of
ubuntu/cloud-init	<23.1.2-0ubuntu0~20.04.1	23.1.2-0ubuntu0~20.04.1
	=20.04
All of
ubuntu/cloud-init	<23.1.2-0ubuntu0~18.04.1	23.1.2-0ubuntu0~18.04.1
	=18.04
All of
ubuntu/cloud-init	<21.1-19-gbad84ad4-0ubuntu1~16.04.4	21.1-19-gbad84ad4-0ubuntu1~16.04.4
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2023-1786

Frequently Asked Questions

What is the vulnerability ID for this cloud-init vulnerability?
The vulnerability ID for this cloud-init vulnerability is USN-6042-1.
What is the description of the cloud-init vulnerability?
The cloud-init vulnerability allows sensitive data to be exposed in logs, which could potentially be used to find hashed passwords and escalate privileges.
Which software versions are affected by this cloud-init vulnerability?
The cloud-init vulnerability affects versions 23.1.2-0ubuntu0~23.04.1, 23.1.2-0ubuntu0~22.10.1, 23.1.2-0ubuntu0~22.04.1, 23.1.2-0ubuntu0~20.04.1, 23.1.2-0ubuntu0~18.04.1, and 21.1-19-gbad84ad4-0ubuntu1~16.04.4 of cloud-init on Ubuntu.
How can an attacker exploit this cloud-init vulnerability?
An attacker can exploit this cloud-init vulnerability by using the exposed sensitive data in the logs to find hashed passwords and potentially escalate their privilege.
How can I fix the cloud-init vulnerability?
To fix the cloud-init vulnerability, update to version 23.1.2-0ubuntu0~23.04.1 or later using the provided remedy.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/23.04
version/ubuntu ubuntu/22.10
version/ubuntu ubuntu/22.04
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04