VDB

GCVE-VVD-MAGEIA-2021-494

GCVE-VVD-MAGEIA-2021-494
Advisory Published
Vulnetix · Advisory published October 29, 2021
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1.19 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user (CVE-2021-3429).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiacloud-init0 (affected), 20.2-2.1.mga8 (unaffected)

References

Updated cloud-init packages fix security vulnerability
advisory
Updated cloud-init packages fix security vulnerability
issue
Updated cloud-init packages fix security vulnerability
advisory
Updated cloud-init packages fix security vulnerability
fix

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›