RHEL 6 : cloud-init (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 - cloud-init through...

Advisory ROSA-SA-2024-2410

Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...

SUSE SLES15 / openSUSE 15 Security Update : cloud-init (SUSE-SU-2024:0128-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0128-1 advisory. - Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find...

SUSE-SU-2024:0128-1 Security update for cloud-init

This update for cloud-init contains the following fixes: - Move fdupes call back to %install.bsc1214169 - Update to version 23.3. bsc1216011 bsc1215794 bsc1215740 bsc1216007 + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support 4390 + Fix cckeyboard in mantic LP: 2030788 + ec2: initiali...

EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2805)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords...

EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2023-3422)

According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. Th...

EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2023-2855)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...

EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2023-2838)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...

EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2781)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords...

EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2023-3116)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-3422)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-5536

A feature in LXD LP1829071, affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password...

Oracle Linux 8 : cloud-init (ELSA-2023-6943)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6943 advisory. - Resolves: bz2190081 CVE-2023-1786 cloud-init: sensitive data could be exposed in logs rhel-8 Tenable has extracted the preceding description block directly fr...

cloud-init security, bug fix, and enhancement update

23.1.1-10.0.1 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Add IPv6 IMDS and dhcp6 support for Oracle Datasource Orabug: 35470783 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permissions Orabug: 35302985 - Update detection logic...

Oracle Linux 9 : cloud-init (ELSA-2023-6371)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6371 advisory. 23.1.1-11.0.2 - Fix Oracle Datasource network and getdata methods for OCI OL Orabug: 35950168 23.1.1-11.0.1 - Increase retry value and add timeout for OCI Orabu...

cloud-init: sensitive data could be exposed in logs

A vulnerability was found in cloud-init. With this flaw, exposure of sensitive data is possible in world-readable cloud-init logs. This flaw allows an attacker to use this information to find hashed passwords and possibly escalate their privilege...

Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2023:6943 Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

CentOS 8 : cloud-init (CESA-2023:6943)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:6943 advisory. - Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly...