When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2023-04-19T21:42:02.402Z

Updated: 2024-08-03T16:53:17.576Z

Reserved: 2021-03-10T23:54:34.444Z

Link: CVE-2021-3429

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-19T22:15:10.137

Modified: 2024-11-21T06:21:29.237

Link: CVE-2021-3429

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-23T00:00:00Z

Links: CVE-2021-3429 - Bugzilla