All the vulnerabilites related to Canonical Ltd. - subiquity
cve-2023-5182
Vulnerability from cvelistv5
Published
2023-10-06 23:28
Modified
2024-09-19 16:41
Severity ?
EPSS score ?
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Canonical Ltd. | subiquity |
Version: 0 ≤ 23.09.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:07.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5182", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T16:41:20.619067Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T16:41:29.487Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "packageName": "subiquity", "platforms": [ "Linux" ], "product": "subiquity", "repo": "https://github.com/canonical/subiquity", "vendor": "Canonical Ltd.", "versions": [ { "lessThanOrEqual": "23.09.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Patric \u00c5hlin" }, { "lang": "en", "type": "finder", "value": "Johan Hortling" } ], "datePublic": "2023-10-04T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-06T23:28:48.953Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-5182", "datePublished": "2023-10-06T23:28:48.953Z", "dateReserved": "2023-09-25T18:11:51.008Z", "dateUpdated": "2024-09-19T16:41:29.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0555
Vulnerability from cvelistv5
Published
2024-06-03 18:17
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
References
▼ | URL | Tags |
---|---|---|
https://bugs.launchpad.net/subiquity/+bug/1960162 | issue-tracking | |
https://www.cve.org/CVERecord?id=CVE-2022-0555 | issue-tracking | |
https://github.com/canonical/subiquity/pull/1181 | issue-tracking | |
https://github.com/canonical/subiquity/pull/1182 | issue-tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Canonical Ltd. | subiquity |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "subiquity", "vendor": "canonical", "versions": [ { "lessThan": "22.02.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-0555", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T17:41:55.971187Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-05T17:51:14.536Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://bugs.launchpad.net/subiquity/+bug/1960162" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://www.cve.org/CVERecord?id=CVE-2022-0555" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/canonical/subiquity/pull/1181" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/canonical/subiquity/pull/1182" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "packageName": "subiquity", "platforms": [ "Linux" ], "product": "subiquity", "repo": "https://github.com/canonical/subiquity", "vendor": "Canonical Ltd.", "versions": [ { "lessThan": "22.02.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions" } ], "providerMetadata": { "dateUpdated": "2024-06-03T18:17:35.956Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://bugs.launchpad.net/subiquity/+bug/1960162" }, { "tags": [ "issue-tracking" ], "url": "https://www.cve.org/CVERecord?id=CVE-2022-0555" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/canonical/subiquity/pull/1181" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/canonical/subiquity/pull/1182" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2022-0555", "datePublished": "2024-06-03T18:17:35.956Z", "dateReserved": "2022-02-10T02:44:55.484Z", "dateUpdated": "2024-08-02T23:32:46.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }