PT-2022-14845 · Cloud-Init

Mike Stroyan · Published 2022-06-29 · Updated 2024-07-03 · CVE-2022-2084

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: cloud-init versions prior to 22.3

Description: Sensitive data could be exposed in world-readable logs of cloud-init when schema failures are reported, potentially including hashed passwords. This issue may allow an attacker to gain unauthorized access to information.

Recommendations: For versions prior to 22.3, update to version 22.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the world-readable logs to minimize the risk of exploitation.

Fix

Weakness Enumeration: Insertion into Log File

Related Identifiers

ALT-PU-2022-3085
ALT-PU-2022-3195
BDU:2025-03969
CVE-2022-2084
OESA-2023-1290
OPENSUSE-SU-2024:12738-1
SUSE-SU-2023:2628-1
SUSE-SU-2023_2628-1
USN-5496-1

Affected Products

Alt Linux
Astra Linux
Linux Mint
RED OS
SUSE
Ubuntu
Cloud-Init