Cloud Init

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:canonical_ltd.:cloud-init:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorCanonical Ltd. (21cecf50-6351-52a5-ba2e-69c633014465)
ProductCloud Init (ba67f002-4e0e-5678-b27b-a5bf8f2ac9fa)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-1786 vulnerable 2026-06-03 14:48:56.499926 sensitive data exposure in cloud-init logs
MEDIUM (5.5)
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Published: 2023-04-26T22:23:47.305Z
Updated: 2025-02-13T16:39:30.230Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-2084 vulnerable 2026-06-03 14:47:00.217380 sensitive data exposure in cloud-init logs
MEDIUM (5.5)
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.
Published: 2023-04-19T21:47:41.034Z
Updated: 2025-02-05T14:42:29.207Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3429 vulnerable 2026-06-03 14:45:10.544396 sensitive data exposure in cloud-init logs
MEDIUM (5.5)
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
Published: 2023-04-19T21:42:02.402Z
Updated: 2025-02-05T14:44:18.828Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.