CVE-2023-5182
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical Ltd. | subiquity | 0 <= 23.09.1 | affected |
Weaknesses
- CWE-532: CWE-532
ADP Enrichment
CVE Program Container
Additional References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
- https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
- https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.