Search
Find a vulnerability
Search criteria
4 vulnerabilities found for subiquity by Canonical Ltd.
CVE-2022-0555 (GCVE-0-2022-0555)
Vulnerability from nvd – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
VLAI
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
Severity
8.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/subiquity/+bug/1960162 | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2022-0555 | issue-tracking |
| https://github.com/canonical/subiquity/pull/1181 | issue-tracking |
| https://github.com/canonical/subiquity/pull/1182 | issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , < 22.02.1
(semver)
|
|
| canonical | subiquity |
Affected:
0 , < 22.02.1
(semver)
cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "subiquity",
"vendor": "canonical",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:41:55.971187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:51:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:17:35.956Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-0555",
"datePublished": "2024-06-03T18:17:35.956Z",
"dateReserved": "2022-02-10T02:44:55.484Z",
"dateUpdated": "2024-08-02T23:32:46.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5182 (GCVE-0-2023-5182)
Vulnerability from nvd – Published: 2023-10-06 23:28 – Updated: 2024-09-19 16:41
VLAI
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
| https://github.com/canonical/subiquity/pull/1820/… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , ≤ 23.09.1
(semver)
|
Date Public
2023-10-04 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T16:41:20.619067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:41:29.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "23.09.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Patric \u00c5hlin"
},
{
"lang": "en",
"type": "finder",
"value": "Johan Hortling"
}
],
"datePublic": "2023-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T23:28:48.953Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-5182",
"datePublished": "2023-10-06T23:28:48.953Z",
"dateReserved": "2023-09-25T18:11:51.008Z",
"dateUpdated": "2024-09-19T16:41:29.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0555 (GCVE-0-2022-0555)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
VLAI
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
Severity
8.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/subiquity/+bug/1960162 | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2022-0555 | issue-tracking |
| https://github.com/canonical/subiquity/pull/1181 | issue-tracking |
| https://github.com/canonical/subiquity/pull/1182 | issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , < 22.02.1
(semver)
|
|
| canonical | subiquity |
Affected:
0 , < 22.02.1
(semver)
cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "subiquity",
"vendor": "canonical",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:41:55.971187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:51:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:17:35.956Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-0555",
"datePublished": "2024-06-03T18:17:35.956Z",
"dateReserved": "2022-02-10T02:44:55.484Z",
"dateUpdated": "2024-08-02T23:32:46.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5182 (GCVE-0-2023-5182)
Vulnerability from cvelistv5 – Published: 2023-10-06 23:28 – Updated: 2024-09-19 16:41
VLAI
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
| https://github.com/canonical/subiquity/pull/1820/… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , ≤ 23.09.1
(semver)
|
Date Public
2023-10-04 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T16:41:20.619067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:41:29.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "23.09.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Patric \u00c5hlin"
},
{
"lang": "en",
"type": "finder",
"value": "Johan Hortling"
}
],
"datePublic": "2023-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T23:28:48.953Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-5182",
"datePublished": "2023-10-06T23:28:48.953Z",
"dateReserved": "2023-09-25T18:11:51.008Z",
"dateUpdated": "2024-09-19T16:41:29.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}