CVE-2018-10896 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-10896 Interim 1 4 2025-02-17T02:49:02Z current 2023-10-31T00:57:27Z 2025-02-17T02:49:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-10896 The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 SUSE Liberty Linux 8 cloud-init-19.4-1.el8.7 cloud-init-19.4-7.el7 cloud-init-19.4-7.el7 as a component of SUSE Liberty Linux 7 cloud-init-19.4-1.el8.7 as a component of SUSE Liberty Linux 8 The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. CVE-2018-10896 SUSE Liberty Linux 7:cloud-init-19.4-7.el7 SUSE Liberty Linux 8:cloud-init-19.4-1.el8.7 important 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N