Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "21.1-19-gbad84ad4-0ubuntu1~16.04.4", "binary_name": "cloud-init" }, { "binary_version": "21.1-19-gbad84ad4-0ubuntu1~16.04.4", "binary_name": "ec2-init" }, { "binary_version": "21.1-19-gbad84ad4-0ubuntu1~16.04.4", "binary_name": "grub-legacy-ec2" } ] }