CVE-2022-2084

CVE	CVE-2022-2084
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-19 22:15:00 UTC
Updated	2023-05-01 17:39:00 UTC
Description	Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

Problem Types: CWE-532

Type	Vendor	Product	Version	Update	Edition	Language
Application	Canonical	Cloud-init	All	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	21.10	All	All	All
Operating System	Canonical	Ubuntu Linux	22.04	All	All	All

Reference	Source	Link	Tags
Remove schema errors from log (#1551) · canonical/cloud-init@4d467b1 · GitHub	MISC	github.com
USN-5496-1: cloud-init vulnerability \| Ubuntu security notices \| Ubuntu	MISC	ubuntu.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

182783 Debian Security Update for cloud-init (CVE-2022-2084)
198844 Ubuntu Security Notification for cloud-init Vulnerability (USN-5496-1)
502410 Alpine Linux Security Update for cloud-init
504625 Alpine Linux Security Update for cloud-init
673215 EulerOS Security Update for cloud-init (EulerOS-SA-2023-2349)
673255 EulerOS Security Update for cloud-init (EulerOS-SA-2023-2375)
673280 EulerOS Security Update for cloud-init (EulerOS-SA-2023-2576)
673307 EulerOS Security Update for cloud-init (EulerOS-SA-2023-2606)
673422 EulerOS Security Update for cloud-init (EulerOS-SA-2023-2855)
673451 EulerOS Security Update for cloud-init (EulerOS-SA-2023-3116)
674039 EulerOS Security Update for cloud-init (EulerOS-SA-2023-2838)
907057 Common Base Linux Mariner (CBL-Mariner) Security Update for cloud-init (26360-1)