622 matches found
Important: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
Important: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
RHEL 9 : cloud-init (RHSA-2025:10879)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:10879 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...
RHEL 9 : cloud-init (RHSA-2025:10876)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:10876 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...
RHEL 9 : cloud-init (RHSA-2025:10848)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:10848 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...
ALSA-2025:10848 Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
RHEL 10 : cloud-init (RHSA-2025:10844)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:10844 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...
Oracle Linux 10 : cloud-init (ELSA-2025-10844)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-10844 advisory. 24.4-3.0.1.2 - NetworkManagerActivator brings up interface failed when using sysconfig renderer RHEL-18981 - Include module ccwritefilesdeferred in config...
Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
OESA-2025-1784 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init...
OESA-2025-1783 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init,...
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
...
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.
...
CBL Mariner 2.0 Security Update: cloud-init (CVE-2024-11584)
The version of cloud-init installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11584 advisory. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default...
CBL Mariner 2.0 Security Update: cloud-init (CVE-2024-6174)
The version of cloud-init installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6174 advisory. - When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP...
CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7
CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7. A patched version of the package is available...
CVE-2024-11584 affecting package cloud-init for versions less than 23.3-7
CVE-2024-11584 affecting package cloud-init for versions less than 23.3-7. A patched version of the package is available...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Note: This advisory is applicable to Amazon...