SSH Host Key Sharing Vulnerability in Cloud-init by Canonical
CVE-2018-10896

4.6MEDIUM

Key Information:

Vendor
Canonical
Status
Cloud-init
Vendor
CVE Published:
1 August 2018

Summary

A security issue exists in Cloud-init versions 0.6.2 and later due to the default configuration that allows the persistence of SSH host keys across cloned instances. The configuration option 'ssh_deletekeys: 0' prevents the deletion of SSH host keys by cloud-init, which can lead to multiple instances derived from a gold template sharing identical SSH keys. This raises significant security risks, including the potential for instances to impersonate each other and execute man-in-the-middle attacks, thus compromising the integrity and security of communications between instances.

Affected Version(s)

cloud-init 0.6.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896
x_refsource_CONFIRM
https://bugs.launchpad.net/cloud-init/+bug/1781094
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1574338
x_refsource_CONFIRM

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.