CVE-2023-1786 MEDIUM

CVE-2023-1786: sensitive data exposure in cloud-init logs

Vendor Canonical Ltd.
Product cloud-init
Weakness CWE-532 · Sensitive info in logs
Published April 26, 2023
Last update February 13, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Key dates

02 Disclosure timeline

April 26, 2023 CVE published
February 13, 2025 Record updated