Bug#951363: cloud-init: CVE-2020-8632
Tags: security upstream fixed-upstream
Control: found -1 19.3-2
The following vulnerability was published for cloud-init.
| In cloud-init through 19.4, rand_user_password in
| cloudinit/config/cc_set_passwords.py has a small default pwlen value,
| which makes it easier for attackers to guess passwords.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.