Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Subiquity by Canonical

    CVE-2022-0555 (GCVE-0-2022-0555)

    Vulnerability from nvd – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    Impacted products
    Vendor Product Version
    Canonical Ltd. subiquity Affected: 0 , < 22.02.1 (semver)
    Create a notification for this product.
    canonical subiquity Affected: 0 , < 22.02.1 (semver)
        cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "subiquity",
                "vendor": "canonical",
                "versions": [
                  {
                    "lessThan": "22.02.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0555",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T17:41:55.971187Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-256",
                    "description": "CWE-256 Plaintext Storage of a Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T17:51:14.536Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/canonical/subiquity/pull/1181"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/canonical/subiquity/pull/1182"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "subiquity",
              "platforms": [
                "Linux"
              ],
              "product": "subiquity",
              "repo": "https://github.com/canonical/subiquity",
              "vendor": "Canonical Ltd.",
              "versions": [
                {
                  "lessThan": "22.02.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T18:17:35.956Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/canonical/subiquity/pull/1181"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/canonical/subiquity/pull/1182"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2022-0555",
        "datePublished": "2024-06-03T18:17:35.956Z",
        "dateReserved": "2022-02-10T02:44:55.484Z",
        "dateUpdated": "2024-08-02T23:32:46.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5182 (GCVE-0-2023-5182)

    Vulnerability from nvd – Published: 2023-10-06 23:28 – Updated: 2024-09-19 16:41
    VLAI
    Summary
    Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Canonical Ltd. subiquity Affected: 0 , ≤ 23.09.1 (semver)
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Credits
    Patric Åhlin Johan Hortling
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:07.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T16:41:20.619067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T16:41:29.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "subiquity",
              "platforms": [
                "Linux"
              ],
              "product": "subiquity",
              "repo": "https://github.com/canonical/subiquity",
              "vendor": "Canonical Ltd.",
              "versions": [
                {
                  "lessThanOrEqual": "23.09.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Patric \u00c5hlin"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Johan Hortling"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T23:28:48.953Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2023-5182",
        "datePublished": "2023-10-06T23:28:48.953Z",
        "dateReserved": "2023-09-25T18:11:51.008Z",
        "dateUpdated": "2024-09-19T16:41:29.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11932 (GCVE-0-2020-11932)

    Vulnerability from nvd – Published: 2020-05-13 00:20 – Updated: 2024-09-16 23:05
    VLAI
    Title
    Subiquity server installer logged LUKS full disk encryption password
    Summary
    It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
    CWE
    • CWE-532 - Information Exposure Through Log Files
    Assigner
    References
    Impacted products
    Vendor Product Version
    Canonical Subiquity Affected: unspecified , < 20.05.2 (custom)
    Create a notification for this product.
    Date Public
    2020-05-11 00:00
    Credits
    Moritz Naumann from Alice&Bob.Company GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Subiquity",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "20.05.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
            }
          ],
          "datePublic": "2020-05-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Information Exposure Through Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-03T17:03:51.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
            ],
            "discovery": "USER"
          },
          "title": "Subiquity server installer logged LUKS full disk encryption password",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-05-11T00:00:00.000Z",
              "ID": "CVE-2020-11932",
              "STATE": "PUBLIC",
              "TITLE": "Subiquity server installer logged LUKS full disk encryption password"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Subiquity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20.05.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532 Information Exposure Through Log Files"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613",
                  "refsource": "MISC",
                  "url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
                },
                {
                  "name": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/",
                  "refsource": "MISC",
                  "url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
              ],
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-11932",
        "datePublished": "2020-05-13T00:20:13.011Z",
        "dateReserved": "2020-04-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:48.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0555 (GCVE-0-2022-0555)

    Vulnerability from cvelistv5 – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    Impacted products
    Vendor Product Version
    Canonical Ltd. subiquity Affected: 0 , < 22.02.1 (semver)
    Create a notification for this product.
    canonical subiquity Affected: 0 , < 22.02.1 (semver)
        cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "subiquity",
                "vendor": "canonical",
                "versions": [
                  {
                    "lessThan": "22.02.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0555",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T17:41:55.971187Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-256",
                    "description": "CWE-256 Plaintext Storage of a Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T17:51:14.536Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/canonical/subiquity/pull/1181"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/canonical/subiquity/pull/1182"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "subiquity",
              "platforms": [
                "Linux"
              ],
              "product": "subiquity",
              "repo": "https://github.com/canonical/subiquity",
              "vendor": "Canonical Ltd.",
              "versions": [
                {
                  "lessThan": "22.02.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T18:17:35.956Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/canonical/subiquity/pull/1181"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/canonical/subiquity/pull/1182"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2022-0555",
        "datePublished": "2024-06-03T18:17:35.956Z",
        "dateReserved": "2022-02-10T02:44:55.484Z",
        "dateUpdated": "2024-08-02T23:32:46.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5182 (GCVE-0-2023-5182)

    Vulnerability from cvelistv5 – Published: 2023-10-06 23:28 – Updated: 2024-09-19 16:41
    VLAI
    Summary
    Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Canonical Ltd. subiquity Affected: 0 , ≤ 23.09.1 (semver)
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Credits
    Patric Åhlin Johan Hortling
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:07.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T16:41:20.619067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T16:41:29.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "subiquity",
              "platforms": [
                "Linux"
              ],
              "product": "subiquity",
              "repo": "https://github.com/canonical/subiquity",
              "vendor": "Canonical Ltd.",
              "versions": [
                {
                  "lessThanOrEqual": "23.09.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Patric \u00c5hlin"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Johan Hortling"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T23:28:48.953Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2023-5182",
        "datePublished": "2023-10-06T23:28:48.953Z",
        "dateReserved": "2023-09-25T18:11:51.008Z",
        "dateUpdated": "2024-09-19T16:41:29.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11932 (GCVE-0-2020-11932)

    Vulnerability from cvelistv5 – Published: 2020-05-13 00:20 – Updated: 2024-09-16 23:05
    VLAI
    Title
    Subiquity server installer logged LUKS full disk encryption password
    Summary
    It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
    CWE
    • CWE-532 - Information Exposure Through Log Files
    Assigner
    References
    Impacted products
    Vendor Product Version
    Canonical Subiquity Affected: unspecified , < 20.05.2 (custom)
    Create a notification for this product.
    Date Public
    2020-05-11 00:00
    Credits
    Moritz Naumann from Alice&Bob.Company GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Subiquity",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "20.05.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
            }
          ],
          "datePublic": "2020-05-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Information Exposure Through Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-03T17:03:51.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
            ],
            "discovery": "USER"
          },
          "title": "Subiquity server installer logged LUKS full disk encryption password",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-05-11T00:00:00.000Z",
              "ID": "CVE-2020-11932",
              "STATE": "PUBLIC",
              "TITLE": "Subiquity server installer logged LUKS full disk encryption password"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Subiquity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20.05.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532 Information Exposure Through Log Files"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613",
                  "refsource": "MISC",
                  "url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
                },
                {
                  "name": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/",
                  "refsource": "MISC",
                  "url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
              ],
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-11932",
        "datePublished": "2020-05-13T00:20:13.011Z",
        "dateReserved": "2020-04-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:48.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }