CVE-2019-0816

Publication date 9 April 2019

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cloud-init	18.10 cosmic	Fixed 18.5-45-g3554ffe8-0ubuntu1~18.10.1
	18.04 LTS bionic	Fixed 18.5-45-g3554ffe8-0ubuntu1~18.04.1
	16.04 LTS xenial	Fixed 18.5-45-g3554ffe8-0ubuntu1~16.04.1
	14.04 LTS trusty	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cloud-init	Upstream: https://code.launchpad.net/~jasonzio/cloud-init/+git/cloud-init/+merge/363445

Severity score breakdown

Parameter	Value
Base score	5.1 · Medium
Attack vector	Local
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N