Search criteria
9 vulnerabilities found for subiquity by canonical
FKIE_CVE-2022-0555
Vulnerability from fkie_nvd - Published: 2024-06-03 19:15 - Updated: 2025-08-26 17:20
Severity ?
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/subiquity/+bug/1960162 | Exploit, Issue Tracking | |
| security@ubuntu.com | https://github.com/canonical/subiquity/pull/1181 | Issue Tracking, Patch | |
| security@ubuntu.com | https://github.com/canonical/subiquity/pull/1182 | Issue Tracking, Patch | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-0555 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/subiquity/+bug/1960162 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/canonical/subiquity/pull/1181 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/canonical/subiquity/pull/1182 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-0555 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029CDF3E-F362-4122-A78E-D09A633E8D5A",
"versionEndExcluding": "22.02.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
},
{
"lang": "es",
"value": "Subiquity muestra una frase de contrase\u00f1a de almacenamiento guiada en texto plano con permisos de lectura total"
}
],
"id": "CVE-2022-0555",
"lastModified": "2025-08-26T17:20:47.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-03T19:15:09.063",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-256"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-5182
Vulnerability from fkie_nvd - Published: 2023-10-07 00:15 - Updated: 2024-11-21 08:41
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0FBB2-EC64-4E69-B884-BDA9F6DCEBE8",
"versionEndIncluding": "23.09.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
},
{
"lang": "es",
"value": "Los datos confidenciales podr\u00edan quedar expuestos en los registros de subiquity versi\u00f3n 23.09.1 y anteriores. Un atacante del grupo adm podr\u00eda usar esta informaci\u00f3n para encontrar contrase\u00f1as cifradas y posiblemente aumentar sus privilegios."
}
],
"id": "CVE-2023-5182",
"lastModified": "2024-11-21T08:41:15.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-07T00:15:11.597",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11932
Vulnerability from fkie_nvd - Published: 2020-05-13 01:15 - Updated: 2024-11-21 04:58
Severity ?
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5285647F-F58C-4842-B180-1A04D602212A",
"versionEndExcluding": "20.05.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
},
{
"lang": "es",
"value": "Se detect\u00f3 que el instalador de Subiquity para Ubuntu Server, registraba la contrase\u00f1a completa de cifrado de disco de LUKS si una era ingresada."
}
],
"id": "CVE-2020-11932",
"lastModified": "2024-11-21T04:58:55.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-13T01:15:12.130",
"references": [
{
"source": "security@ubuntu.com",
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-0555 (GCVE-0-2022-0555)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
VLAI?
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
Severity ?
8.4 (High)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , < 22.02.1
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "subiquity",
"vendor": "canonical",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:41:55.971187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:51:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:17:35.956Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-0555",
"datePublished": "2024-06-03T18:17:35.956Z",
"dateReserved": "2022-02-10T02:44:55.484Z",
"dateUpdated": "2024-08-02T23:32:46.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5182 (GCVE-0-2023-5182)
Vulnerability from cvelistv5 – Published: 2023-10-06 23:28 – Updated: 2024-09-19 16:41
VLAI?
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , ≤ 23.09.1
(semver)
|
Credits
Patric Åhlin
Johan Hortling
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T16:41:20.619067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:41:29.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "23.09.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Patric \u00c5hlin"
},
{
"lang": "en",
"type": "finder",
"value": "Johan Hortling"
}
],
"datePublic": "2023-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T23:28:48.953Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-5182",
"datePublished": "2023-10-06T23:28:48.953Z",
"dateReserved": "2023-09-25T18:11:51.008Z",
"dateUpdated": "2024-09-19T16:41:29.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11932 (GCVE-0-2020-11932)
Vulnerability from cvelistv5 – Published: 2020-05-13 00:20 – Updated: 2024-09-16 23:05
VLAI?
Title
Subiquity server installer logged LUKS full disk encryption password
Summary
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
Severity ?
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Moritz Naumann from Alice&Bob.Company GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Subiquity",
"vendor": "Canonical",
"versions": [
{
"lessThan": "20.05.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
}
],
"datePublic": "2020-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-03T17:03:51",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
],
"discovery": "USER"
},
"title": "Subiquity server installer logged LUKS full disk encryption password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-05-11T00:00:00.000Z",
"ID": "CVE-2020-11932",
"STATE": "PUBLIC",
"TITLE": "Subiquity server installer logged LUKS full disk encryption password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Subiquity",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.05.2"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613",
"refsource": "MISC",
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"name": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/",
"refsource": "MISC",
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11932",
"datePublished": "2020-05-13T00:20:13.011745Z",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-09-16T23:05:48.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0555 (GCVE-0-2022-0555)
Vulnerability from nvd – Published: 2024-06-03 18:17 – Updated: 2024-08-02 23:32
VLAI?
Summary
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
Severity ?
8.4 (High)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , < 22.02.1
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:subiquity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "subiquity",
"vendor": "canonical",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:41:55.971187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:51:14.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "22.02.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:17:35.956Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/subiquity/+bug/1960162"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1181"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-0555",
"datePublished": "2024-06-03T18:17:35.956Z",
"dateReserved": "2022-02-10T02:44:55.484Z",
"dateUpdated": "2024-08-02T23:32:46.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5182 (GCVE-0-2023-5182)
Vulnerability from nvd – Published: 2023-10-06 23:28 – Updated: 2024-09-19 16:41
VLAI?
Summary
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | subiquity |
Affected:
0 , ≤ 23.09.1
(semver)
|
Credits
Patric Åhlin
Johan Hortling
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T16:41:20.619067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:41:29.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "subiquity",
"platforms": [
"Linux"
],
"product": "subiquity",
"repo": "https://github.com/canonical/subiquity",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "23.09.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Patric \u00c5hlin"
},
{
"lang": "en",
"type": "finder",
"value": "Johan Hortling"
}
],
"datePublic": "2023-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T23:28:48.953Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-5182",
"datePublished": "2023-10-06T23:28:48.953Z",
"dateReserved": "2023-09-25T18:11:51.008Z",
"dateUpdated": "2024-09-19T16:41:29.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11932 (GCVE-0-2020-11932)
Vulnerability from nvd – Published: 2020-05-13 00:20 – Updated: 2024-09-16 23:05
VLAI?
Title
Subiquity server installer logged LUKS full disk encryption password
Summary
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
Severity ?
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Moritz Naumann from Alice&Bob.Company GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Subiquity",
"vendor": "Canonical",
"versions": [
{
"lessThan": "20.05.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
}
],
"datePublic": "2020-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-03T17:03:51",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
],
"discovery": "USER"
},
"title": "Subiquity server installer logged LUKS full disk encryption password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-05-11T00:00:00.000Z",
"ID": "CVE-2020-11932",
"STATE": "PUBLIC",
"TITLE": "Subiquity server installer logged LUKS full disk encryption password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Subiquity",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.05.2"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moritz Naumann from Alice\u0026Bob.Company GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613",
"refsource": "MISC",
"url": "https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613"
},
{
"name": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/",
"refsource": "MISC",
"url": "https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11932",
"datePublished": "2020-05-13T00:20:13.011745Z",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-09-16T23:05:48.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}