Sensitive Data Exposure Vulnerability in Subiquity by Canonical
CVE-2023-5182

5.5MEDIUM

Key Information:

Vendor: Canonical Ltd.
Status: Subiquity
Vendor: CVE Published:; 7 October 2023

🔔 Create Canonical Ltd. Vulnerability Alert

What is CVE-2023-5182?

In Subiquity versions 23.09.1 and earlier, sensitive data may be inadvertently logged, exposing potential security risks. Attackers within the administrative group can exploit this flaw to access hashed passwords and potentially escalate their privileges within the system. This could lead to unauthorized access and control over sensitive resources, impacting overall system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

subiquity Linux 0 <= 23.09.1

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182

issue-tracking

https://github.com/canonical/subiquity/pull/1820/commits/...

issue-tracking

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 7, 2023
Vulnerability Reserved
Sep 25, 2023

Credit

Patric Åhlin

Johan Hortling

JSON

Canonical Ltd.