
Advisory ROSA-SA-2024-2410

Date: 2024-05-02 07:56:56
Source: ROSA LAB, abf.rosalinux.ru
Tags: cloud-init, rosa virtualization 2.1, cve-2021-3429, password leak, public log file, cve-2022-2084, schema errors, data leak

AI Score: 7.3 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 8.6%)

Software: cloud-init 20.3
OS: ROSA Virtualization 2.1

package_evr_string: cloud-init-20.3-10.el8_4.5.src.rpm

CVE-ID: CVE-2021-3429
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: When cloud-init was instructed to set a random password for a new user account, affected versions of cloud-init wrote that password to the public log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: yum update cloud-init

CVE-ID: CVE-2022-2084
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Sensitive data may be exposed in publicly readable cloud-init logs when schema errors are reported. The leaked data may include hashed passwords.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: yum update cloud-init
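
A check for the exposure described under CVE-2021-3429, as an added example that is not part of the advisory or of cloud-init: it reports whether the log is world-readable and which accounts have a password recorded in it, without printing the password. The marker string, the user:password line layout, the function names and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a cloud-init output log for the CVE-2021-3429 exposure.
# Assumption: the affected release announces generated passwords with MARKER,
# followed by one user:password line per account.
MARKER="Set the following 'random' passwords"

# Prints one finding per line; the password text itself is never printed.
audit_cloud_init_log() {
    log="$1"
    if [ ! -f "$log" ]; then
        echo "not-found"
        return 0
    fi
    # Mode bit o+r set: any local user can read the file.
    if [ -n "$(find "$log" -prune -perm -004)" ]; then
        echo "world-readable"
    fi
    # state 1: marker seen, list not started; state 2: inside the list.
    awk -v m="$MARKER" '
        index($0, m)                  { state = 1; next }
        state && /^[^: \t]+:[^ \t]+$/ { sub(/:.*/, ""); print "password-logged-for:" $0; state = 2; next }
        state == 1 && /^[ \t]*$/      { next }
                                      { state = 0 }
    ' "$log"
}

# Constructed sample log (not captured from a real system).
sample_log() {
    printf '%s\n' "constructed boot output line" "$MARKER" "" \
        "alice:Xk3-constructed" "bob:Qz9-constructed" "" "ci-info: constructed"
}

# With a path argument, audit that file; otherwise demonstrate on the sample.
if [ "$#" -gt 0 ]; then
    audit_cloud_init_log "$1"
else
    tmp=$(mktemp)
    sample_log > "$tmp"
    chmod 644 "$tmp"
    audit_cloud_init_log "$tmp"
    rm -f "$tmp"
fi
```

Run it against /var/log/cloud-init-output.log after the update; any account it reports should be treated as having an exposed password.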