25 matches found
MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Tenable has extracted the preceding description block...
Alibaba Cloud Linux 3 : 0257: cloud-init (ALINUX3-SA-2024:0257)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2024:0257 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3429: When instructing cloud-init to set a...
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
SUSE SLES12 Security Update : cloud-init (SUSE-SU-2023:2164-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2164-1 advisory. This update for cloud-init contains following fixes: - CVE-2021-3429: Do not write the generated password to the log file. bsc11847...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429 sensitive data exposure in cloud-init logs
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429 sensitive data exposure in cloud-init logs
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2022-1058)
According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to...
Mageia: Security Advisory (MGASA-2021-0494)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2021-2680)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2021-2624)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2021-2624)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
MGASA-2021-0494 Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
OESA-2021-1372 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: CVE-2021-3429...
Moderate: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Moderate: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
CentOS 8 : cloud-init (CESA-2021:3081)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory. - cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Note that Nessus has not tested for this issue but has...
Oracle Linux 8 : cloud-init (ELSA-2021-3081)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-3081 advisory. - Resolves: bz1979252 CVE-2021-3429 cloud-init: randomly generated passwords logged in clear-text to world-readable file rhel-8 rhel-8.4.0.z Tenable has extract...