USN-7677-1 cloud-init vulnerabilities

Harry Sintonen discovered that the hotplugd socket in cloud-init was world writable. An attacker could possibly use this issue to send hotplug-hook commands. CVE-2024-11584 It was discovered that cloud-init granted root access to a hardcoded URL with a local IP address when a non-x86 platform is...

USN-7677-1: cloud-init vulnerabilities

Harry Sintonen discovered that the hotplugd socket in cloud-init was world writable. An attacker could possibly use this issue to send hotplug-hook commands. CVE-2024-11584 It was discovered that cloud-init granted root access to a hardcoded URL with a local IP address when a non-x86 platform is...

cloud-init-25.1.3-1.1 on GA media (moderate)

cloud-init-25.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15376-1 Rating: moderate Cross-References: CVE-2024-11584 CVE-2024-6174 CVSS scores: CVE-2024-11584 SUSE : 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2024-11584 SUSE : 5.1...

NewStart CGSL MAIN 7.02 : cloud-init Multiple Vulnerabilities (NS-SA-2025-0173)

The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by multiple vulnerabilities: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed...

OPENSUSE-SU-2025:15376-1 cloud-init-25.1.3-1.1 on GA media

These are all security issues fixed in the cloud-init-25.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

AlmaLinux 9 : cloud-init (ALSA-2025:10848)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:10848 advisory. cloud-init: Cloud init permissions flaw CVE-2024-6174 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note th...

Oracle Linux 8 : cloud-init (ELSA-2025-11324)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-11324 advisory. 23.4-7.0.2.el810.10 - Fixes regression in cloud-init with module ccwritefilesdeferred Orabug: 37382965 - Update IPv6 IMDS endpoint to ULA and drop NIC identifi...

cloud-init security update

23.4-7.0.2.el810.10 - Fixes regression in cloud-init with module ccwritefilesdeferred Orabug: 37382965 - Update IPv6 IMDS endpoint to ULA and drop NIC identifier Orabug: 35965980 - Enable IPv6 Orabug: 36502414 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Increase...

RHSA-2025:11337 Red Hat Security Advisory: cloud-init security update

Bulletin has no description...

RHSA-2025:11339 Red Hat Security Advisory: cloud-init security update

Bulletin has no description...

RHSA-2025:11324 Red Hat Security Advisory: cloud-init security update

Bulletin has no description...

RHSA-2025:11295 Red Hat Security Advisory: cloud-init security update

Bulletin has no description...

Oracle Linux 9 : cloud-init (ELSA-2025-10848)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-10848 advisory. - Resolves: RHEL-100611 CVE-2024-6174 cloud-init: From CVEorg collector rhel-9.6.z Tenable has extracted the preceding description block directly from the Orac...

AlmaLinux 8 : cloud-init (ALSA-2025:11324)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:11324 advisory. cloud-init: Cloud init permissions flaw CVE-2024-6174 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note th...

Important: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service, and Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION. Red Hat Product Security has rated this update as havin...

cloud-init: Cloud init permissions flaw

An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...

Important: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update a...

cloud-init: Cloud init permissions flaw

An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...

Important: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

cloud-init: Cloud init permissions flaw

An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...