K33846344: Cloud-init vulnerabilities CVE-2020-8631 and CVE-2020-8632

Security Advisory Description CVE-2020-8631 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function. CVE-2020-8632 In cloud-init through 19.4,...

SUSE CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...

SUSE CVE-2019-0816

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'...

SUSE CVE-2020-8632

In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to guess passwords...

SUSE CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...

SUSE CVE-2021-3429

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-1085)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.6 : cloud-init (EulerOS-SA-2023-1085)

According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included 'sshdeletekeys: 0', disabling cloud-init's...

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9...

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8...

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2022-2490)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.6.6 : cloud-init (EulerOS-SA-2022-2490)

According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included 'sshdeletekeys: 0', disabling cloud-init's...

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

Information Disclosure

cloud-init is vulnerable to information disclosure. An attacker can gain sensitive information through the error logs in validatecloudconfigschema function of schema.py...

Cloud-init 日志信息泄露漏洞

Cloud-init is a virtual machine initialization tool for cloud platforms. Cloud-init suffers from a log message disclosure vulnerability that stems from a logged architecture failure...

Ubuntu: Security Advisory (USN-5496-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5496-1: cloud-init vulnerability

Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs could potentially use this to gain user credentials...

USN-5496-1 cloud-init vulnerability

Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs could potentially use this to gain user credentials...

CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

UBUNTU-CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...