{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-3429", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2021-03-10T23:54:34.444Z", "datePublished": "2023-04-19T21:42:02.402Z", "dateUpdated": "2025-02-05T14:44:18.828Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/canonical/cloud-init/releases", "packageName": "cloud-init", "platforms": ["Linux"], "product": "cloud-init", "repo": "https://github.com/canonical/cloud-init/", "vendor": "Canonical Ltd.", "versions": [{"lessThan": "21.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Carl Pearson"}], "datePublic": "2021-03-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user."}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["patch"], "url": "https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668"}], "title": "sensitive data exposure in cloud-init logs", "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-04-19T21:42:02.402Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.576Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T14:43:36.200298Z", "id": "CVE-2021-3429", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T14:44:18.828Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.576Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-3429", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T14:43:36.200298Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T14:44:13.117Z"}}], "cna": {"title": "sensitive data exposure in cloud-init logs", "credits": [{"lang": "en", "type": "finder", "value": "Carl Pearson"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"repo": "https://github.com/canonical/cloud-init/", "vendor": "Canonical Ltd.", "product": "cloud-init", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "cloud-init", "collectionURL": "https://github.com/canonical/cloud-init/releases"}], "datePublic": "2021-03-26T00:00:00.000Z", "references": [{"url": "https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-04-19T21:42:02.402Z"}}}, "cveMetadata": {"cveId": "CVE-2021-3429", "state": "PUBLISHED", "dateUpdated": "2025-02-05T14:44:18.828Z", "dateReserved": "2021-03-10T23:54:34.444Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2023-04-19T21:42:02.402Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:cloud-init:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AE1645-A98F-41D7-8F77-8647A25E6B4A", "versionEndExcluding": "21.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user."}], "id": "CVE-2021-3429", "lastModified": "2025-02-05T15:15:13.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-04-19T22:15:10.137", "references": [{"source": "security@ubuntu.com", "tags": ["Patch"], "url": "https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3081", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "cloud-init-0:20.3-10.el8_4.5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3177", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "cloud-init-0:18.5-7.el8_1.6", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-08-17T00:00:00Z"}, {"advisory": "RHSA-2021:3371", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "cloud-init-0:18.5-12.el8_2.10", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}], "bugzilla": {"description": "cloud-init: randomly generated passwords logged in clear-text to world-readable file", "id": "1940967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940967"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-532", "details": ["When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.", "A flaw was found in cloud-init. When a system is configured through cloud-init and the \"Set Passwords\" module is used with \"chpasswd\" directive and \"RANDOM\", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The highest threat from this vulnerability is to data confidentiality and it may allow a local attacker to log in as another user."], "name": "CVE-2021-3429", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3429\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3429"], "statement": "By default the randomly password generated by \"chpasswd\" must be changed on the first login of the user. That means that once a user accesses the system for the first time, the random password in the log file cannot be used anymore. However it is possible to configure an extended validity period for the random password, thus the actual impact of this password leak may vary based on the environment and how the systems are configured through cloud-init.", "threat_severity": "Moderate"}