Astra Linux - уязвимость в cloud-init

In cloud-init through 25.1.2, the systemd socket unit cloud-init-hotplugd.socket is included, with a default SocketMode of 0666, allowing world-write permissions. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. A non-privileged user can trigger hotplug-hook commands...

Linux Distros Unpatched Vulnerability : CVE-2024-11584

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it...

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

DEBIAN-CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

AZL-64371 CVE-2024-11584 affecting package cloud-init for versions less than 23.3-7

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

PT-2025-26948

Name of the Vulnerable Software and Affected Versions: cloud-init versions through 25.1.2 Description: The issue concerns the systemd socket unit cloud-init-hotplugd.socket in cloud-init, which has a default SocketMode that grants 0666 permissions, making it world-writable. This affects the...