ID CVE-2018-10896
Summary The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:canonical:cloud-init:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:0.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:0.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:17.1:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:17.2:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:18.1:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:18.2:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:canonical:cloud-init:18.3:*:*:*:*:*:*:*
    cpe:2.3:a:canonical:cloud-init:18.3:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 29-10-2020 - 20:19)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:N
redhat via4
advisories
bugzilla
id 1850456
title [RHEL8.2.1] Do not log IMDSv2 token values into cloud-init.log
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • comment cloud-init is earlier than 0:19.4-1.el8.7
      oval oval:com.redhat.rhsa:tst:20203050001
    • comment cloud-init is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20190597002
rhsa
id RHSA-2020:3050
released 2020-07-21
severity Low
title RHSA-2020:3050: cloud-init security, bug fix, and enhancement update (Low)
rpms
  • cloud-init-0:19.4-1.el8.7
  • cloud-init-0:18.5-12.el8_2.3
  • cloud-init-0:19.4-7.el7
refmap via4
confirm
Last major update 29-10-2020 - 20:19
Published 01-08-2018 - 17:29
Last modified 29-10-2020 - 20:19
Back to Top