Subiquity Exposes Plaintext Passphrase with Full Access
CVE-2022-0555

Currently unrated

Key Information:

Vendor: Canonical Ltd.
Status: Subiquity
Vendor: CVE Published:; 3 June 2024

Summary

A security concern has been identified in Canonical's Subiquity, where the guided storage passphrase is displayed in plaintext, allowing unauthorized users with read permissions to access sensitive information. This exposure poses significant risks for system integrity and data confidentiality, particularly in environments where sensitive configurations are managed. Proper security practices should be employed to mitigate the risks associated with this vulnerability.

Affected Version(s)

subiquity Linux 0 < 22.02.1

References

https://bugs.launchpad.net/subiquity/+bug/1960162

issue-tracking

https://www.cve.org/CVERecord?id=CVE-2022-0555

issue-tracking

https://github.com/canonical/subiquity/pull/1181

issue-tracking

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Feb 10, 2022