VYPR

rpm package

suse/cloud-init&distro=SUSE Linux Enterprise Module for Public Cloud 15

pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015

Vulnerabilities (3)

  • CVE-2020-8632Feb 5, 2020
    affected < 19.4-5.24.1fixed 19.4-5.24.1

    In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

  • CVE-2020-8631Feb 5, 2020
    affected < 19.4-5.24.1fixed 19.4-5.24.1

    cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

  • CVE-2019-0816Apr 9, 2019
    affected < 19.2-5.18.1fixed 19.2-5.18.1

    A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.