Lucene search

CanonicalCVELIST:CVE-2020-11932

HistoryMay 13, 2020 - 12:20 a.m.

CVE-2020-11932 Subiquity server installer logged LUKS full disk encryption password

2020-05-1300:20:13

CWE-532

canonical

www.cve.org

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

Percentile

12.6%

JSON

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

CNA Affected

[
  {
    "product": "Subiquity",
    "vendor": "Canonical",
    "versions": [
      {
        "lessThan": "20.05.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

aliceandbob.company/the-human-factor-in-an-economy-of-scale/

github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-11932