20 matches found
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2023-3422)
According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. Th...
EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2023-2855)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2023-2838)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2023-3116)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-3422)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2838)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2855)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2023-2576)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2576)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2606)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-2084 affecting package cloud-init 21.4-3
CVE-2022-2084 affecting package cloud-init 21.4-3. A patched version of the package is available...
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2349)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2375)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2349)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2023-2375)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : cloud-init (SUSE-SU-2023:2628-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2628-1 advisory. - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 - CVE-2022-2084: Fixed a bug which...
CVE-2022-2084
A vulnerability was found in cloud-init. With this flaw, sensitive data could be exposed in world-readable cloud-init logs when schema failures are reported. This issue leak could include hashed passwords...
CVE-2022-2084
CVE-2022-2084 affects cloud-init; before 22.3, schema failure reporting can write sensitive data to world-readable logs, potentially exposing hashed passwords. Impact requires local access with low privileges; remediation is to upgrade cloud-init to 22.3+ or apply vendor fixes as noted by related...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : cloud-init vulnerability (USN-5496-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5496-1 advisory. Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs...