CVE-2020-11932

low-risk
Published 2020-05-13

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Subiquity

Affected Vendors

Canonical

References (4)

https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/
Patch https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d67...
https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/
Patch https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d67...
19
/ 100
low-risk
Severity 10/34 · Low
Exploitability 4/34 · Minimal
Exposure 5/34 · Minimal