Source: cloud-init Version: 22.4.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for cloud-init. CVE-2023-1786[0]: | Sensitive data could be exposed in logs of cloud-init before version | 23.1.2. An attacker could use this information to find hashed | passwords and possibly escalate their privilege. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1786 https://www.cve.org/CVERecord?id=CVE-2023-1786 [1] https://bugs.launchpad.net/cloud-init/+bug/2013967 [2] https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b Please adjust the affected versions in the BTS as needed. Regards, Salvatore
