CVE-2023-5182Log File Information Exposure in LTD Subiquity

CWE-532Log File Information Exposure4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical LTD SubiquityCanonical Subiquity
Timeline
PublishedOct 7

Description

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDcanonical/subiquity23.09.1
CVEListV5canonical_ltd/subiquity23.09.1

Patches

Patch: cve.mitre.orgPatch: github.comPatch: cve.mitre.org

🔴Vulnerability Details

3
GHSA
GHSA-9j7r-mqx9-67mv: Sensitive data could be exposed in logs of subiquity version 232023-10-07
CVEList
CVE-2023-5182: Sensitive data could be exposed in logs of subiquity version 232023-10-06
OSV
CVE-2023-5182: Sensitive data could be exposed in logs of subiquity version 232023-10-04
CVE-2023-5182 — Log File Information Exposure | cvebase