Property
Language: terraform
Severity: high
Service: compute
Provider: CloudStack
Vulnerability Type: misconfiguration

Description

Sensitive information such as passwords or secrets is stored in the user_data field of CloudStack instance resources. User data is accessible to anyone with access to the instance metadata service, making it an insecure location for confidential data.

Impact

If exploited, attackers or unauthorized users could retrieve sensitive credentials from the instance metadata, potentially leading to account compromise, lateral movement within the environment, or exposure of critical systems and data.

Resolution

Do not put sensitive data in the user data section.
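
The misconfiguration beside a corrected form, as an added example that is not from the original page or the provider's documentation. The instance names, offering, template, zone, network ID and password value are constructed, and the `fetch-db-credentials` helper is hypothetical.

```hcl
# All names and values below are constructed for illustration.
variable "db_password" {
  type      = string
  sensitive = true # redacts the value in plan/apply output only
}

# Insecure: a literal password is embedded in user_data.
resource "cloudstack_instance" "bad_literal" {
  name             = "web-1"
  service_offering = "small"
  network_id       = "00000000-0000-0000-0000-000000000000" # placeholder
  template         = "example-template"
  zone             = "zone-1"
  user_data        = <<-EOF
    #!/bin/sh
    export DATABASE_PASSWORD="ExamplePassword123"
  EOF
}

# Still insecure: marking the variable sensitive does not help here.
# The rendered script, password included, is still delivered as user
# data and is also written to the Terraform state.
resource "cloudstack_instance" "bad_variable" {
  name             = "web-2"
  service_offering = "small"
  network_id       = "00000000-0000-0000-0000-000000000000" # placeholder
  template         = "example-template"
  zone             = "zone-1"
  user_data        = <<-EOF
    #!/bin/sh
    export DATABASE_PASSWORD="${var.db_password}"
  EOF
}

# Corrected: user_data carries only non-secret bootstrap steps.
resource "cloudstack_instance" "good" {
  name             = "web-3"
  service_offering = "small"
  network_id       = "00000000-0000-0000-0000-000000000000" # placeholder
  template         = "example-template"
  zone             = "zone-1"
  user_data        = <<-EOF
    #!/bin/sh
    # Hypothetical helper baked into the template: it authenticates to a
    # secret store at boot and writes the credential to a root-only file.
    /usr/local/bin/fetch-db-credentials --output /run/secrets/db.env
  EOF
}
```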