When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: canonical
Published: 2023-04-19T21:42:02.402Z
Updated: 2024-08-03T16:53:17.576Z
Reserved: 2021-03-10T23:54:34.444Z
Link: CVE-2021-3429
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-19T22:15:10.137
Modified: 2024-11-21T06:21:29.237
Link: CVE-2021-3429
Redhat