CVE-2020-8632: In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
canonical	cloud-init	<= 19.4	—
canonical	cloud-init	>= 0 < 19.4-2	19.4-2
canonical	cloud-init	>= 0 < 19.4-2	19.4-2
canonical	cloud-init	>= 0 < 19.4-2	19.4-2
canonical	cloud-init	>= 0 < 19.4-2	19.4-2
debian	cloud-init	< cloud-init 19.4-2 (bookworm)	cloud-init 19.4-2 (bookworm)
debian	debian_linux	—	—
msrc	cbl_mariner_1.0_arm	—	—
msrc	cbl_mariner_1.0_x64	—	—
msrc	cm1_cloud-init_19.1-5_on_cbl_mariner_1.0	—	—
opensuse	leap	—	—

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

osv5.5MEDIUM