CNNVD-202506-3255 Information

CNNVD ID

CNNVD-202506-3255

Related CVE

CVE-2024-6174

• CNNVD Published: 2025-06-26

Description (Chinese)

cloud-init是Canonical开源的一个用于跨平台云实例初始化的行业标准多分发方法。 cloud-init存在安全漏洞，该漏洞源于非x86平台检测时授予硬编码URL的root访问权限。

Description (English)

Cloud-init is an industry standard multi-distribution method for initializing cross-platform cloud examples. There is a security loophole in the cloud-init, which results from the granting of root access to hard-coded URLs for non-x86 platform testing.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

科能软件

Published

2025-06-26

Last Modified

2026-02-24

References

https://github.com/canonical/cloud-init/releases/tag/25.1.3 https://vigilance.fr/vulnerability/cloud-init-privilege-escalation-via-Hardcoded-Url-47707 https://nvd.nist.gov/vuln/detail/CVE-2024-6174 https://access.redhat.com/security/cve/cve-2024-6174