Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2023-5536

Medium priority
Ignored

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

2 affected packages

cloud-init, subiquity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Ignored Ignored Ignored Ignored
subiquity Ignored Ignored Ignored Ignored
Show less packages

CVE-2023-1786

Medium priority
Fixed

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-3429

Medium priority
Fixed

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as...

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Fixed Fixed Fixed
Show less packages

CVE-2022-2084

Medium priority
Fixed

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Fixed Fixed Fixed Not affected
Show less packages

CVE-2020-8632

Low priority

Some fixes available 6 of 8

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-8631

Low priority

Some fixes available 1 of 4

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Not affected Not affected Fixed Ignored
Show less packages

CVE-2012-6639

Low priority
Ignored

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Not affected
Show less packages

CVE-2019-0816

Medium priority
Fixed

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

1 affected packages

cloud-init

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cloud-init Fixed Fixed
Show less packages