Unrated severityNVD Advisory· Published Feb 5, 2020· Updated Aug 4, 2024
CVE-2020-8631
CVE-2020-8631
Description
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- cloud-init/cloud-initdescription
- osv-coords5 versionspkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1
< 19.4-lp151.2.15.1+ 4 more
- (no CPE)range: < 19.4-lp151.2.15.1
- (no CPE)range: < 21.2-1.2
- (no CPE)range: < 19.4-37.39.1
- (no CPE)range: < 19.4-5.24.1
- (no CPE)range: < 19.4-8.17.1
Patches
Vulnerability mechanics
References
4- lists.opensuse.org/opensuse-security-announce/2020-03/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795mitrex_refsource_MISC
- github.com/canonical/cloud-init/pull/204mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/02/msg00021.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.