5.5

CVE-2023-5182

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalSubiquity Version <= 23.09.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.113
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@ubuntu.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
Patch
Third Party Advisory
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
Patch