Lucene search

K
cve[email protected]CVE-2022-2084
HistoryApr 19, 2023 - 10:15 p.m.

CVE-2022-2084

2023-04-1922:15:10
CWE-532
web.nvd.nist.gov
171
cve-2022-2084
cloud-init
sensitive data exposure
hashed passwords
nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

Affected configurations

NVD
Node
canonicalcloud-initRange<22.3
Node
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
OR
canonicalubuntu_linuxMatch21.10
OR
canonicalubuntu_linuxMatch22.04lts

CNA Affected

[
  {
    "collectionURL": "https://github.com/canonical/cloud-init/releases",
    "packageName": "cloud-init",
    "platforms": [
      "Linux"
    ],
    "product": "cloud-init",
    "repo": "https://github.com/canonical/cloud-init/",
    "vendor": "Canonical Ltd.",
    "versions": [
      {
        "lessThan": "23.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%