Lucene search
K
CanonicalCloud-init

9 matches found

CVE
CVE
added 2018/08/01 5:0 p.m.249 views

CVE-2018-10896

CVE-2018-10896 is confirmed in multiple Nessus/OpenVAS entries tied to cloud-init. The issue arises from the default cloud-init configuration (ssh_deletekeys: 0) introduced in cloud-init 0.6.2 and newer, which disables deletion of SSH host keys on new instances. This can allow cloned golden-maste...

7.1CVSS6.5AI score0.00354EPSS
CVE
CVE
added 2023/04/19 9:47 p.m.230 views

CVE-2022-2084

CVE-2022-2084 affects cloud-init; before 22.3, schema failure reporting can write sensitive data to world-readable logs, potentially exposing hashed passwords. Impact requires local access with low privileges; remediation is to upgrade cloud-init to 22.3+ or apply vendor fixes as noted by related...

5.5CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2020/02/05 1:39 p.m.205 views

CVE-2020-8631

CVE-2020-8631 affects cloud-init up to version 19.4, where the random password is generated using rand_str in cloudinit/util.py that calls random.choice (Mersenne Twister). This weak RNG can allow a local attacker to predict the generated password; CVE-2020-8632 reports a short default password l...

5.5CVSS5.5AI score0.00438EPSS
CVE
CVE
added 2020/02/05 1:40 p.m.202 views

CVE-2020-8632

In cloud-init up to 19.4, CVE-2020-8632 affects rand_user_password in cloudinit/config/cc_set_passwords.py, where a small default pwlen makes password guessing easier. This is a local vulnerability (attack vector: LOCAL) with partial confidentiality impact and no integrity/availability impact per...

5.5CVSS5.5AI score0.00368EPSS
CVE
CVE
added 2023/04/19 9:42 p.m.182 views

CVE-2021-3429

CVE-2021-3429 affects cloud-init; pre-21.2 versions log randomly generated passwords to /var/log/cloud-init-output.log, enabling local user login as another user. Several advisories note updates that fix this vulnerability; remediation is to apply vendor-supplied updates (e.g., cloud-init version...

5.5CVSS5.2AI score0.00219EPSS
Web
CVE
CVE
added 2023/04/26 10:23 p.m.150 views

CVE-2023-1786

CVE-2023-1786 affects cloud-init and leads to sensitive data exposure in logs prior to version 23.1.2. The root cause is logging of sensitive information (e.g., hashed passwords), which could allow an attacker with local access to read confidential data. Impact is limited to confidentiality (high...

5.5CVSS5.3AI score0.00263EPSS
CVE
CVE
added 2025/06/26 9:15 a.m.70 views

CVE-2024-6174

Summary: CVE-2024-6174 affects cloud-init. When a non-x86 platform is detected, it could grant root access to a hardcoded URL with a local IP. This is the underlying cause. Impact: High (CVSS v3.1: 8.8, privileges required: none, user interaction: none, scope: unchanged). Affected scope (from con...

8.8CVSS7AI score0.00203EPSS
CVE
CVE
added 2025/06/26 9:25 a.m.55 views

CVE-2024-11584

CVE-2024-11584 affects cloud-init up to 25.1.2 where the systemd socket unit cloud-init-hotplugd.socket uses 0666 permissions, making the /run/cloud-init/hook-hotplug-cmd FIFO world-writable. This enables an unprivileged user to trigger hotplug-hook commands. The connected Nessus advisories confi...

5.9CVSS6.6AI score0.00121EPSS
CVE
CVE
added 2019/11/25 5:29 p.m.53 views

CVE-2012-6639

CVE-2012-6639 describes a privilege-elevation vulnerability in Cloud-init prior to 0.7.0. The issue occurs when requests to an untrusted system are made for EC2 instance data, allowing an attacker with network access to leverage low-privileged execution to gain higher privileges. The available co...

9CVSS8.6AI score0.02049EPSS