CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.9%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

Products affected by CVE-2020-8631

Canonical » Cloud-Init » Version: 0.5.0

cpe:2.3:a:canonical:cloud-init:0.5.0
Canonical » Cloud-Init » Version: 0.5.1

cpe:2.3:a:canonical:cloud-init:0.5.1
Canonical » Cloud-Init » Version: 0.5.10

cpe:2.3:a:canonical:cloud-init:0.5.10
Canonical » Cloud-Init » Version: 0.5.11

cpe:2.3:a:canonical:cloud-init:0.5.11
Canonical » Cloud-Init » Version: 0.5.12

cpe:2.3:a:canonical:cloud-init:0.5.12
Canonical » Cloud-Init » Version: 0.5.13

cpe:2.3:a:canonical:cloud-init:0.5.13
Canonical » Cloud-Init » Version: 0.5.14

cpe:2.3:a:canonical:cloud-init:0.5.14
Canonical » Cloud-Init » Version: 0.5.15

cpe:2.3:a:canonical:cloud-init:0.5.15
Canonical » Cloud-Init » Version: 0.5.2

cpe:2.3:a:canonical:cloud-init:0.5.2
Canonical » Cloud-Init » Version: 0.5.3

cpe:2.3:a:canonical:cloud-init:0.5.3
Canonical » Cloud-Init » Version: 0.5.4

cpe:2.3:a:canonical:cloud-init:0.5.4
Canonical » Cloud-Init » Version: 0.5.5

cpe:2.3:a:canonical:cloud-init:0.5.5
Canonical » Cloud-Init » Version: 0.5.6

cpe:2.3:a:canonical:cloud-init:0.5.6
Canonical » Cloud-Init » Version: 0.5.8

cpe:2.3:a:canonical:cloud-init:0.5.8
Canonical » Cloud-Init » Version: 0.6.0

cpe:2.3:a:canonical:cloud-init:0.6.0
Canonical » Cloud-Init » Version: 0.6.1

cpe:2.3:a:canonical:cloud-init:0.6.1
Canonical » Cloud-Init » Version: 0.6.2

cpe:2.3:a:canonical:cloud-init:0.6.2
Canonical » Cloud-Init » Version: 0.6.3

cpe:2.3:a:canonical:cloud-init:0.6.3
Canonical » Cloud-Init » Version: 0.7.0

cpe:2.3:a:canonical:cloud-init:0.7.0
Canonical » Cloud-Init » Version: 0.7.1

cpe:2.3:a:canonical:cloud-init:0.7.1
Canonical » Cloud-Init » Version: 0.7.2

cpe:2.3:a:canonical:cloud-init:0.7.2
Canonical » Cloud-Init » Version: 0.7.3

cpe:2.3:a:canonical:cloud-init:0.7.3
Canonical » Cloud-Init » Version: 0.7.4

cpe:2.3:a:canonical:cloud-init:0.7.4
Canonical » Cloud-Init » Version: 0.7.5

cpe:2.3:a:canonical:cloud-init:0.7.5
Canonical » Cloud-Init » Version: 0.7.6

cpe:2.3:a:canonical:cloud-init:0.7.6
Canonical » Cloud-Init » Version: 0.7.7

cpe:2.3:a:canonical:cloud-init:0.7.7
Canonical » Cloud-Init » Version: 0.7.8

cpe:2.3:a:canonical:cloud-init:0.7.8
Canonical » Cloud-Init » Version: 0.7.9

cpe:2.3:a:canonical:cloud-init:0.7.9
Canonical » Cloud-Init » Version: 17.1

cpe:2.3:a:canonical:cloud-init:17.1
Canonical » Cloud-Init » Version: 17.2

cpe:2.3:a:canonical:cloud-init:17.2
Canonical » Cloud-Init » Version: 18.1

cpe:2.3:a:canonical:cloud-init:18.1
Canonical » Cloud-Init » Version: 18.2

cpe:2.3:a:canonical:cloud-init:18.2
Canonical » Cloud-Init » Version: 18.3

cpe:2.3:a:canonical:cloud-init:18.3
Canonical » Cloud-Init » Version: 18.4

cpe:2.3:a:canonical:cloud-init:18.4
Canonical » Cloud-Init » Version: 19.1

cpe:2.3:a:canonical:cloud-init:19.1
Canonical » Cloud-Init » Version: 19.2

cpe:2.3:a:canonical:cloud-init:19.2
Canonical » Cloud-Init » Version: 19.3

cpe:2.3:a:canonical:cloud-init:19.3
Canonical » Cloud-Init » Version: 19.4

cpe:2.3:a:canonical:cloud-init:19.4
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8631

Products

Pricing

Contact Us