CVE-2024-6174

Name
CVE-2024-6174
Description
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
NVD Severity
unknown

References

Type                 URI
security@ubuntu.com  https://github.com/canonical/cloud-init/releases/tag/25.1.3

Match rules

CPE URI                                         Source package  Min version  Max version
                                                cloud-init      >= 0.7.9     < 25.1.3
cpe:2.3:a:canonical:cloud-init:*:*:*:*:*:*:*:*  cloud-init      >= None      < 25.1.3

Vulnerable and fixed packages

Source package  Branch          Version    Maintainer                                 Status
cloud-init      edge-community  24.3.1-r3  Achill Gilgenast <achill@achill.org>       possibly vulnerable
cloud-init      edge-community  24.3.1-r2  fossdd <fossdd@pwned.life>                 possibly vulnerable
cloud-init      edge-community  24.3.1-r1  fossdd <fossdd@pwned.life>                 possibly vulnerable
cloud-init      edge-community  24.3.1-r0  None                                       possibly vulnerable
cloud-init      edge-community  23.1.2-r0  Dermot Bradley <dermot_bradley@yahoo.com>  possibly vulnerable
cloud-init      edge-community  22.2.2-r0  Dermot Bradley <dermot_bradley@yahoo.com>  possibly vulnerable
cloud-init      edge-community  21.1-r1    None                                       possibly vulnerable
cloud-init      3.22-community  24.3.1-r2  fossdd <fossdd@pwned.life>                 possibly vulnerable
cloud-init      3.22-community  24.3.1-r0  None                                       possibly vulnerable
cloud-init      3.22-community  23.1.2-r0  None                                       possibly vulnerable
cloud-init      3.22-community  22.2.2-r0  None                                       possibly vulnerable
cloud-init      3.22-community  21.1-r1    None                                       possibly vulnerable