CVE-2023-5182

EUVD-2023-57519
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
canonicalCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
canonicalsubiquity
𝑥
≤ 23.09.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subiquity
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c