Nixpkgs security tracker

Dismissed

Permalink CVE-2023-1786

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 1 year, 3 months ago by @fricklerhandwerk Activity log

Created suggestion 1 year, 3 months ago
@fricklerhandwerk dismissed 1 year, 3 months ago

sensitive data exposure in cloud-init logs

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

References

https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813… patchx_transferred
https://bugs.launchpad.net/cloud-init/+bug/2013967 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-6042-1 vendor-advisoryx_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred

Affected products

cloud-init

<23.1.2

Matching in nixpkgs

pkgs.cloud-init

Provides configuration and customization of cloud instance

nixos-unstable 24.2
- nixpkgs-unstable 24.2
- nixos-unstable-small 24.2

Package maintainers

@jfroche Jean-François Roche <jfroche@pyxel.be>
@illustris Harikrishnan R <me@illustris.tech>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.cloud-init

Package maintainers