CVE-2021-3429
Summary
| CVE | CVE-2021-3429 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-19 22:15:00 UTC |
| Updated | 2023-05-04 13:00:00 UTC |
| Description | When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| write passwords only to serial console, lock down cloud-init-output.l… · canonical/cloud-init@b794d42 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159349 Oracle Enterprise Linux Security Update for cloud-init (ELSA-2021-3081)
- 178497 Debian Security Update for cloud-init (DLA 2601-1)
- 180482 Debian Security Update for cloud-init (CVE-2021-3429)
- 239544 Red Hat Update for cloud-init (RHSA-2021:3081)
- 239568 Red Hat Update for cloud-init (RHSA-2021:3177)
- 239595 Red Hat Update for cloud-init (RHSA-2021:3371)
- 352245 Amazon Linux Security Advisory for cloud-init: ALAS-2021-1486
- 352248 Amazon Linux Security Advisory for cloud-init: ALAS2-2021-1620
- 501533 Alpine Linux Security Update for cloud-init
- 501825 Alpine Linux Security Update for cloud-init
- 504624 Alpine Linux Security Update for cloud-init
- 670830 EulerOS Security Update for cloud-init (EulerOS-SA-2021-2705)
- 670981 EulerOS Security Update for cloud-init (EulerOS-SA-2021-2680)
- 671021 EulerOS Security Update for cloud-init (EulerOS-SA-2021-2624)
- 940371 AlmaLinux Security Update for cloud-init (ALSA-2021:3081)
- 960046 Rocky Linux Security Update for cloud-init (RLSA-2021:3081)