CVE-2020-8632

Published: 05/02/2020 Updated: 01/01/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In cloud-init up to and including 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for malicious users to guess passwords.

Vulnerable Product

canonical cloud-init

opensuse leap 15.1

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #951363 cloud-init: CVE-2020-8632. Package: src:cloud-init; Maintainer for src:cloud-init is Debian Cloud Team <debian-cloud@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 15 Feb 2020 10:42:03 UTC; Severity: important; Tags: fixed-upstream, security, upstream ...

Synopsis: Moderate: cloud-init security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...

Synopsis: Moderate: cloud-init security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...

The default cloud-init configuration included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks (CVE-2018-10896). A flaw ...

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user (CVE-2020-8631). A flaw was found in cloud-i ...