Sensitive Data Exposure Vulnerability in Subiquity by Canonical
CVE-2023-5182

5.5MEDIUM

Key Information:

Vendor: Canonical Ltd.
Status: Subiquity
Vendor: CVE Published:; 7 October 2023

Summary

In Subiquity versions 23.09.1 and earlier, sensitive data may be inadvertently logged, exposing potential security risks. Attackers within the administrative group can exploit this flaw to access hashed passwords and potentially escalate their privileges within the system. This could lead to unauthorized access and control over sensitive resources, impacting overall system security.

Affected Version(s)

subiquity Linux 0 <= 23.09.1

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182

issue-tracking

https://github.com/canonical/subiquity/pull/1820/commits/...

issue-tracking

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 7, 2023
Vulnerability Reserved
Sep 25, 2023

Credit

Patric Åhlin

Johan Hortling