CVE-2022-4968Exposure of Sensitive System Information to an Unauthorized Control Sphere in Netplan

CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-200Sensitive Information Exposure7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 41.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Canonical NetplanDebian Netplan.ioCanonical LTD Netplan+5 more
Timeline
PublishedJun 7
Latest updateJun 26

Description

netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages8 packages

NVDcanonical/netplan< 1.0.1
debiandebian/netplan.io< netplan.io 1.0.1-1 (forky)
CVEListV5canonical_ltd/netplan1.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-xpvm-9wx5-vjpw: netplan leaks the private key of wireguard to local users2024-06-07
OSV
CVE-2022-4968: netplan leaks the private key of wireguard to local users2024-06-07

📋Vendor Advisories

4
Ubuntu
Netplan vulnerabilities2024-06-26
Microsoft
netplan leaks the private key of wireguard to local users.2024-06-11
Red Hat
vim: Heap-based Buffer Overflow in cindent.c2022-05-17
Debian
CVE-2022-4968: netplan.io - netplan leaks the private key of wireguard to local users. Versions after 1.0 ar...2022