rpm package
suse/cloud-init&distro=SUSE Linux Enterprise Module for Public Cloud 15
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8632 | — | < 19.4-5.24.1 | 19.4-5.24.1 | Feb 5, 2020 | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | ||
| CVE-2020-8631 | — | < 19.4-5.24.1 | 19.4-5.24.1 | Feb 5, 2020 | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | ||
| CVE-2019-0816 | — | < 19.2-5.18.1 | 19.2-5.18.1 | Apr 9, 2019 | A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'. |
- CVE-2020-8632Feb 5, 2020affected < 19.4-5.24.1fixed 19.4-5.24.1
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
- CVE-2020-8631Feb 5, 2020affected < 19.4-5.24.1fixed 19.4-5.24.1
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
- CVE-2019-0816Apr 9, 2019affected < 19.2-5.18.1fixed 19.2-5.18.1
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.