622 matches found
CVE-2024-11584
CVE-2024-11584 affects cloud-init up to 25.1.2 where the systemd socket unit cloud-init-hotplugd.socket uses 0666 permissions, making the /run/cloud-init/hook-hotplug-cmd FIFO world-writable. This enables an unprivileged user to trigger hotplug-hook commands. The connected Nessus advisories confi...
CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
CVE-2024-6174
Summary: CVE-2024-6174 affects cloud-init. When a non-x86 platform is detected, it could grant root access to a hardcoded URL with a local IP. This is the underlying cause. Impact: High (CVSS v3.1: 8.8, privileges required: none, user interaction: none, scope: unchanged). Affected scope (from con...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
cloud-init 安全漏洞
cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization open-sourced by Canonical. A security vulnerability exists in cloud-init that stems from a root access granted to a hard-coded URL during detection on non-x86 platforms...
PT-2025-26944
Name of the Vulnerable Software and Affected Versions: cloud-init affected versions not specified Description: The issue occurs when a non-x86 platform is detected, causing cloud-init to grant root access to a hardcoded URL with a local IP address. By default, cloud-init configurations disable...
cloud-init 安全漏洞
cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization open-sourced by Canonical. A security vulnerability exists in cloud-init version 25.1.2 and earlier, which stems from the default SocketMode permission of 0666 for...
PT-2025-26948
Name of the Vulnerable Software and Affected Versions: cloud-init versions through 25.1.2 Description: The issue concerns the systemd socket unit cloud-init-hotplugd.socket in cloud-init, which has a default SocketMode that grants 0666 permissions, making it world-writable. This affects the...
NewStart CGSL MAIN 7.02 : cloud-init Vulnerability (NS-SA-2025-0074)
The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by a vulnerability: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
Alibaba Cloud Linux 3 : 0257: cloud-init (ALINUX3-SA-2024:0257)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2024:0257 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3429: When instructing cloud-init to set a...
The vulnerability of the Cloud-init configuration tool, related to insufficient protection of registration data, allows a perpetrator to access confidential information.
The vulnerability of the Cloud-init configuration tool is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker to access confidential information...
cloud-init bug fix update
An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...
cloud-init bug fix and enhancement update
An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9...
Linux Distros Unpatched Vulnerability : CVE-2023-1786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escala...
Linux Distros Unpatched Vulnerability : CVE-2018-10896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some...
Astra Linux – Vulnerability in cloud-init
Sensitive data may be exposed in logs of cloud-init before version 23.1.2. Attackers could use this information to obtain hashed passwords and potentially escalate their privileges...
Medium: cloud-init
Issue Overview: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. CVE-2023-1786 Affected Packages: cloud-init Note: This advisory is applicable to Amazon Linux 2 AL2...
Medium: cloud-init
Issue Overview: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. CVE-2023-1786 Affected Packages: cloud-init Note: This advisory is applicable to Amazon Linux 2 AL2...