CVE-2020-11933MEDIUMCVSS 6.8≥ 2.45.2, < 2.45.2, revision 96592020-07-29
CVE-2020-11933 [MEDIUM] CWE-264 CVE-2020-11933: cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrict
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did no
cvelistv5nvd