Cloud Init

2 CVEs product

CVE-2024-6174 HIGH PATCH This Week

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Authentication Bypass Ubuntu Debian Cloud Init Redhat +1
NVD GitHub
CVSS 3.1: 8.8
EPSS: 0.0%

CVE-2024-11584 MEDIUM PATCH This Month

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

Information Disclosure Ubuntu Debian Cloud Init Redhat +1
NVD GitHub
CVSS 3.1: 5.9
EPSS: 0.0%