RSS   Podatności dla 'Cloud-init'   RSS

2020-02-05
 
CVE-2020-8632

CWE-522
 

 
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

 
 
CVE-2020-8631

CWE-330
 

 
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

 
2019-11-25
 
CVE-2012-6639

CWE-269
 

 
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

 

 >>> Vendor: Canonical 35 Produkty
Spread
Ubuntu linux
Ubuntu enterprise cloud
PHP5
Ubuntu software properties
Telepathy-idle
MAAS
Libpam-modules
Update-manager
Accountsservice
Software-properties
Ltsp display manager
Acpi-support
Reportbug
Ubuntu
Lxcfs
Ubuntu core
Ubuntu touch
Ubuntu-core-launcher
LXD
Openstack ironic
JUJU
Ubuntu-image
Bazaar
Screen-resolution-extra
Apparmor
Ubuntu download manager
Snapd
Apt-xapian-index
Metal as a service
Cloud-init
Ubuntu cobbler
Microk8s
C-kernel
Subiquity


Copyright 2020, cxsecurity.com

 

Back to Top