CVE-2024-6174

EUVD-2024-54707
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
canonicalcloud-init
𝑥
< 25.1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cloud-init
bookworm
22.4.2-1+deb12u3
fixed
bullseye
postponed
forky
25.3-2
fixed
sid
25.3-2
fixed
trixie
25.1.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cloud-init
bionic
Fixed 23.1.2-0ubuntu0~18.04.1+esm1
released
focal
Fixed 24.4.1-0ubuntu0~20.04.3+esm1
released
jammy
Fixed 25.1.4-0ubuntu0~22.04.1
released
mantic
ignored
noble
Fixed 25.1.4-0ubuntu0~24.04.1
released
oracular
ignored
plucky
Fixed 25.1.4-0ubuntu0~25.04.1
released
trusty
dne
xenial
Fixed 21.1-19-gbad84ad4-0ubuntu1~16.04.4+esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cloud-init
suse enterprise sap 15 SP4
25.1.3-150400.15.7.6
fixed
suse enterprise sap 15 SP5
25.1.3-150400.15.7.6
fixed
suse enterprise sap 15 SP6
25.1.3-150400.15.7.6
fixed
suse enterprise sap 15 SP7
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP4
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP5
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP6
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP7
25.1.3-150400.15.7.6
fixed
cloud-init-config-suse
suse enterprise sap 15 SP4
25.1.3-150400.15.7.6
fixed
suse enterprise sap 15 SP5
25.1.3-150400.15.7.6
fixed
suse enterprise sap 15 SP6
25.1.3-150400.15.7.6
fixed
suse enterprise sap 15 SP7
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP4
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP5
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP6
25.1.3-150400.15.7.6
fixed
suse enterprise server 15 SP7
25.1.3-150400.15.7.6
fixed
python311-configobj
suse enterprise desktop 15 SP7
5.0.8-150400.12.5.1
fixed
suse enterprise sap 15 SP4
5.0.8-150400.12.5.1
fixed
suse enterprise sap 15 SP5
5.0.8-150400.12.5.1
fixed
suse enterprise sap 15 SP6
5.0.8-150400.12.5.1
fixed
suse enterprise sap 15 SP7
5.0.8-150400.12.5.1
fixed
suse enterprise server 15 SP4
5.0.8-150400.12.5.1
fixed
suse enterprise server 15 SP5
5.0.8-150400.12.5.1
fixed
suse enterprise server 15 SP6
5.0.8-150400.12.5.1
fixed
suse enterprise server 15 SP7
5.0.8-150400.12.5.1
fixed
python311-jsonpatch
suse enterprise desktop 15 SP7
1.32-150400.10.5.1
fixed
suse enterprise sap 15 SP4
1.32-150400.10.5.1
fixed
suse enterprise sap 15 SP5
1.32-150400.10.5.1
fixed
suse enterprise sap 15 SP6
1.32-150400.10.5.1
fixed
suse enterprise sap 15 SP7
1.32-150400.10.5.1
fixed
suse enterprise server 15 SP4
1.32-150400.10.5.1
fixed
suse enterprise server 15 SP5
1.32-150400.10.5.1
fixed
suse enterprise server 15 SP6
1.32-150400.10.5.1
fixed
suse enterprise server 15 SP7
1.32-150400.10.5.1
fixed
python311-jsonpointer
suse enterprise desktop 15 SP7
2.3-150400.11.5.1
fixed
suse enterprise sap 15 SP4
2.3-150400.11.5.1
fixed
suse enterprise sap 15 SP5
2.3-150400.11.5.1
fixed
suse enterprise sap 15 SP6
2.3-150400.11.5.1
fixed
suse enterprise sap 15 SP7
2.3-150400.11.5.1
fixed
suse enterprise server 15 SP4
2.3-150400.11.5.1
fixed
suse enterprise server 15 SP5
2.3-150400.11.5.1
fixed
suse enterprise server 15 SP6
2.3-150400.11.5.1
fixed
suse enterprise server 15 SP7
2.3-150400.11.5.1
fixed
python311-passlib
suse enterprise sap 15 SP4
1.7.4-150400.6.5.2
fixed
suse enterprise sap 15 SP5
1.7.4-150400.6.5.2
fixed
suse enterprise server 15 SP4
1.7.4-150400.6.5.2
fixed
suse enterprise server 15 SP5
1.7.4-150400.6.5.2
fixed
python311-pyserial
suse enterprise desktop 15 SP7
3.5-150400.12.5.1
fixed
suse enterprise sap 15 SP4
3.5-150400.12.5.1
fixed
suse enterprise sap 15 SP5
3.5-150400.12.5.1
fixed
suse enterprise sap 15 SP6
3.5-150400.12.5.1
fixed
suse enterprise sap 15 SP7
3.5-150400.12.5.1
fixed
suse enterprise server 15 SP4
3.5-150400.12.5.1
fixed
suse enterprise server 15 SP5
3.5-150400.12.5.1
fixed
suse enterprise server 15 SP6
3.5-150400.12.5.1
fixed
suse enterprise server 15 SP7
3.5-150400.12.5.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
cloud-init
RHEL 9
0:24.4-4.el9_6.3
fixed
Common Weakness Enumeration
References
https://github.com/canonical/cloud-init/releases/tag/25.1.3