CVE-2020-11932: Log File Information Exposure in Subiquity

Severity: 2.3 LOW (NVD)
EPSS: 1.7% (top 17.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 13
Latest update: May 24

Description

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 0.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | canonical/subiquity | unspecified | 20.05.2
NVD | canonical/subiquity | < 20.05.2

Patches

Vulnerability Details (3)

GHSA | GHSA-x6j6-cjpj-gpm9: It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered | 2022-05-24
CVEList | Subiquity server installer logged LUKS full disk encryption password | 2020-05-13
OSV | CVE-2020-11932: It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered | 2020-05-12