CVE-2020-8631
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
Date published : 2020-02-05
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795