Unrated severityNVD Advisory· Published Apr 26, 2023· Updated Feb 13, 2025
sensitive data exposure in cloud-init logs
CVE-2023-1786
Description
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords12 versionspkg:rpm/almalinux/cloud-initpkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.1
< 23.1.1-11.el9.alma.1+ 11 more
- (no CPE)range: < 23.1.1-11.el9.alma.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 23.1-2.1
- (no CPE)range: < 20.2-37.57.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 23.1-150100.8.66.1
- (no CPE)range: < 25.1.3-1.1
- (no CPE)range: < 25.1.3-slfo.1.1_1.1
- Canonical Ltd./cloud-initv5Range: 0
Patches
Vulnerability mechanics
References
4- github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6bmitrepatch
- ubuntu.com/security/notices/USN-6042-1mitrevendor-advisory
- bugs.launchpad.net/cloud-init/+bug/2013967mitreissue-tracking
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/mitre
News mentions
0No linked articles in our index yet.