Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-11584

Опубликовано: 26 июн. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.9

Описание

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

РелизСтатусПримечание
devel

released

25.2~4geb9c1239-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

23.1.2-0ubuntu0~18.04.1+esm1
esm-infra/focal

released

24.4.1-0ubuntu0~20.04.3+esm1
esm-infra/xenial

not-affected

focal

ignored

end of standard support, was needs-triage
jammy

released

25.1.4-0ubuntu0~22.04.1
noble

released

25.1.4-0ubuntu0~24.04.1
oracular

ignored

end of life, was needed
plucky

released

25.1.4-0ubuntu0~25.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 8%
0.0003
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-11584

CVSS3: 5.9
redhat
5 месяцев назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

nvd логотип

CVE-2024-11584

CVSS3: 5.9
nvd
5 месяцев назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

msrc логотип

CVE-2024-11584

CVSS3: 5.9
msrc
4 месяца назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

debian логотип

CVE-2024-11584

CVSS3: 5.9
debian
5 месяцев назад

cloud-initthrough 25.1.2 includes the systemd socket unitcloud-init-ho ...

github логотип

GHSA-3xmh-hrxh-fx8j

CVSS3: 5.9
github
5 месяцев назад

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This being used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivelege user could trigger hotplug-hook commands.

EPSS

Процентиль: 8%
0.0003
Низкий

5.9 Medium

CVSS3

Уязвимость CVE-2024-11584