Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-11584

Опубликовано: 26 июн. 2025
Источник: redhat
CVSS3: 5.9

Описание

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

A default permissions flaw was found in cloud-init. The cloud-init-hotplugd.socket grants 0666 permissions, making it world-writable. This vulnerability allows an unprivileged user to trigger hotplug-hook commands.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10cloud-initFix deferred
Red Hat Enterprise Linux 7cloud-initOut of support scope
Red Hat Enterprise Linux 8cloud-initFix deferred
Red Hat Enterprise Linux 9cloud-initFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2374926cloud-init: Cloud init permissions handling flaw

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-11584

CVSS3: 5.9
ubuntu
5 месяцев назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

nvd логотип

CVE-2024-11584

CVSS3: 5.9
nvd
5 месяцев назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

msrc логотип

CVE-2024-11584

CVSS3: 5.9
msrc
4 месяца назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

debian логотип

CVE-2024-11584

CVSS3: 5.9
debian
5 месяцев назад

cloud-initthrough 25.1.2 includes the systemd socket unitcloud-init-ho ...

github логотип

GHSA-3xmh-hrxh-fx8j

CVSS3: 5.9
github
5 месяцев назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This being used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivelege user could trigger hotplug-hook commands.

5.9 Medium

CVSS3