PT-2023-31896 · Subiquity · Subiquity
Johan Hortling +1 · Published 2023-10-04 · Updated 2023-10-11
CVE-2023-5182
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
subiquity versions 23.09.1 and earlier
Description
Sensitive data could be exposed in logs. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Recommendations
For subiquity versions 23.09.1 and earlier, update to a version later than 23.09.1 to prevent sensitive data exposure.
As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Subiquity