Cloud-init Sensitive Data in Logs Before 23.1.2
CVE-2023-1786 Published on April 26, 2023
sensitive data exposure in cloud-init logs
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Vulnerability Analysis
CVE-2023-1786 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2023-1786
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-1786 are published in these products:
Affected Versions
Canonical Ltd. cloud-init:- Before 23.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.