Lucene search
CanonicalCVELIST:CVE-2022-2084HistoryApr 19, 2023 - 9:47 p.m.
CVE-2022-2084 sensitive data exposure in cloud-init logs
2023-04-1921:47:41
CWE-532
canonical
www.cve.org
vulnerability
cloud-init
sensitive data
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.
CNA Affected
[
{
"collectionURL": "https://github.com/canonical/cloud-init/releases",
"packageName": "cloud-init",
"platforms": [
"Linux"
],
"product": "cloud-init",
"repo": "https://github.com/canonical/cloud-init/",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "23.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
debiancve
debiancve
CVE-2022-2084
2023-04-19 22:15:10
alpinelinux
alpinelinux
CVE-2022-2084
2023-04-19 22:15:10
prion
prion
Code injection
2023-04-19 22:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2375)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2349)
2023-07-17 00:00:00
Ubuntu: Security Advisory (USN-5496-1)
2022-06-30 00:00:00
ubuntucve
ubuntucve
CVE-2022-2084
2022-06-29 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2375)
2023-07-18 00:00:00
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2349)
2023-07-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2084 affecting package cloud-init 21.4-3
2023-07-28 23:16:55
osv
osv
cloud-init vulnerability
2022-06-29 22:11:21
CVE-2022-2084
2023-04-19 22:15:10
cve
cve
CVE-2022-2084
2023-04-19 22:15:10
ubuntu
ubuntu
cloud-init vulnerability
2022-06-29 00:00:00
nvd
nvd
CVE-2022-2084
2023-04-19 22:15:10
veracode
veracode
Information Disclosure
2022-07-03 18:37:29
redhatcve
redhatcve
CVE-2022-2084
2023-04-20 05:30:56
rosalinux
rosalinux
Advisory ROSA-SA-2024-2410
2024-05-02 07:56:56
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2022-2084