Lucene search

K
cvelistCanonicalCVELIST:CVE-2022-2084
HistoryApr 19, 2023 - 9:47 p.m.

CVE-2022-2084 sensitive data exposure in cloud-init logs

2023-04-1921:47:41
CWE-532
canonical
www.cve.org
vulnerability
cloud-init
sensitive data

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

CNA Affected

[
  {
    "collectionURL": "https://github.com/canonical/cloud-init/releases",
    "packageName": "cloud-init",
    "platforms": [
      "Linux"
    ],
    "product": "cloud-init",
    "repo": "https://github.com/canonical/cloud-init/",
    "vendor": "Canonical Ltd.",
    "versions": [
      {
        "lessThan": "23.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%