25 matches found
MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Tenable has extracted the preceding description block...
Alibaba Cloud Linux 3 : 0257: cloud-init (ALINUX3-SA-2024:0257)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2024:0257 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3429: When instructing cloud-init to set a...
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
SUSE SLES12 Security Update : cloud-init (SUSE-SU-2023:2164-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2164-1 advisory. This update for cloud-init contains following fixes: - CVE-2021-3429: Do not write the generated password to the log file. bsc11847...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429 sensitive data exposure in cloud-init logs
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429 sensitive data exposure in cloud-init logs
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2022-1058)
According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to...
Mageia: Security Advisory (MGASA-2021-0494)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2021-2680)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2021-2624)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2021-2624)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
MGASA-2021-0494 Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
OESA-2021-1372 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: CVE-2021-3429...
Moderate: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Moderate: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
CentOS 8 : cloud-init (CESA-2021:3081)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory. - cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Note that Nessus has not tested for this issue but has...
cloud-init security update
20.3-10.0.1 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Added missing services in cloud-init.service.tmpl for sshd Orabug: 32183938 - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 Orabug: 30435672 - limit permissions Orabug: 31352433 -...