Vulnerability Details CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.0%
CVSS Severity
CVSS v3 Score 5.5
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
- https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
- https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
Products affected by CVE-2023-5182
-
cpe:2.3:a:canonical:subiquity:0.0.10
-
cpe:2.3:a:canonical:subiquity:0.0.11
-
cpe:2.3:a:canonical:subiquity:0.0.12
-
cpe:2.3:a:canonical:subiquity:0.0.13
-
cpe:2.3:a:canonical:subiquity:0.0.21
-
cpe:2.3:a:canonical:subiquity:0.0.22
-
cpe:2.3:a:canonical:subiquity:0.0.23
-
cpe:2.3:a:canonical:subiquity:0.0.24
-
cpe:2.3:a:canonical:subiquity:0.0.24.1
-
cpe:2.3:a:canonical:subiquity:0.0.25
-
cpe:2.3:a:canonical:subiquity:0.0.26
-
cpe:2.3:a:canonical:subiquity:0.0.27
-
cpe:2.3:a:canonical:subiquity:0.0.28
-
cpe:2.3:a:canonical:subiquity:0.0.29
-
cpe:2.3:a:canonical:subiquity:0.0.3
-
cpe:2.3:a:canonical:subiquity:0.0.4
-
cpe:2.3:a:canonical:subiquity:0.0.5
-
cpe:2.3:a:canonical:subiquity:0.0.7
-
cpe:2.3:a:canonical:subiquity:0.0.8
-
cpe:2.3:a:canonical:subiquity:0.0.9
-
cpe:2.3:a:canonical:subiquity:19.04.1
-
cpe:2.3:a:canonical:subiquity:19.04.2
-
cpe:2.3:a:canonical:subiquity:19.04.3
-
cpe:2.3:a:canonical:subiquity:19.04.4
-
cpe:2.3:a:canonical:subiquity:19.04.5
-
cpe:2.3:a:canonical:subiquity:19.06.1
-
cpe:2.3:a:canonical:subiquity:19.07.1
-
cpe:2.3:a:canonical:subiquity:19.07.2
-
cpe:2.3:a:canonical:subiquity:19.07.3
-
cpe:2.3:a:canonical:subiquity:19.08.1
-
cpe:2.3:a:canonical:subiquity:19.09.1
-
cpe:2.3:a:canonical:subiquity:19.10.1
-
cpe:2.3:a:canonical:subiquity:19.10.2
-
cpe:2.3:a:canonical:subiquity:19.11.1
-
cpe:2.3:a:canonical:subiquity:19.12.1
-
cpe:2.3:a:canonical:subiquity:19.12.1.1
-
cpe:2.3:a:canonical:subiquity:19.12.1.5
-
cpe:2.3:a:canonical:subiquity:19.12.2
-
cpe:2.3:a:canonical:subiquity:20.03.1
-
cpe:2.3:a:canonical:subiquity:20.03.2
-
cpe:2.3:a:canonical:subiquity:20.03.3
-
cpe:2.3:a:canonical:subiquity:20.04.1
-
cpe:2.3:a:canonical:subiquity:20.04.2
-
cpe:2.3:a:canonical:subiquity:20.04.3
-
cpe:2.3:a:canonical:subiquity:20.05.1
-
cpe:2.3:a:canonical:subiquity:20.05.2
-
cpe:2.3:a:canonical:subiquity:20.06.1
-
cpe:2.3:a:canonical:subiquity:20.07.1
-
cpe:2.3:a:canonical:subiquity:20.09.1
-
cpe:2.3:a:canonical:subiquity:21.01.1
-
cpe:2.3:a:canonical:subiquity:21.01.2
-
cpe:2.3:a:canonical:subiquity:21.04.1
-
cpe:2.3:a:canonical:subiquity:21.04.2
-
cpe:2.3:a:canonical:subiquity:21.04.2.1
-
cpe:2.3:a:canonical:subiquity:21.06.01
-
cpe:2.3:a:canonical:subiquity:21.06.1
-
cpe:2.3:a:canonical:subiquity:21.08.01
-
cpe:2.3:a:canonical:subiquity:21.08.1
-
cpe:2.3:a:canonical:subiquity:21.08.2
-
cpe:2.3:a:canonical:subiquity:21.10.1
-
cpe:2.3:a:canonical:subiquity:21.10.2
-
cpe:2.3:a:canonical:subiquity:21.10.3
-
cpe:2.3:a:canonical:subiquity:21.12.1
-
cpe:2.3:a:canonical:subiquity:21.12.2
-
cpe:2.3:a:canonical:subiquity:22.02.1
-
cpe:2.3:a:canonical:subiquity:22.02.2
-
cpe:2.3:a:canonical:subiquity:22.04.1
-
cpe:2.3:a:canonical:subiquity:22.04.2
-
cpe:2.3:a:canonical:subiquity:22.05.1
-
cpe:2.3:a:canonical:subiquity:22.06.1
-
cpe:2.3:a:canonical:subiquity:22.07.1
-
cpe:2.3:a:canonical:subiquity:22.07.2
-
cpe:2.3:a:canonical:subiquity:22.10.1
-
cpe:2.3:a:canonical:subiquity:22.12.1
-
cpe:2.3:a:canonical:subiquity:23.02.1
-
cpe:2.3:a:canonical:subiquity:23.04.1
-
cpe:2.3:a:canonical:subiquity:23.04.2
-
cpe:2.3:a:canonical:subiquity:23.04.3
-
cpe:2.3:a:canonical:subiquity:23.08.1
-
cpe:2.3:a:canonical:subiquity:23.09.1