CNNVD-202506-3259 Information
Jun 26, 2025
cve
CNNVD ID
CNNVD-202506-3259
Related CVE
- CNNVD Published: 2025-06-26
Description (Chinese)
cloud-init是Canonical开源的一个用于跨平台云实例初始化的行业标准多分发方法。 cloud-init 25.1.2及之前版本存在安全漏洞,该漏洞源于cloud-init-hotplugd.socket默认SocketMode权限为0666,可能导致未授权用户触发命令。
Description (English)
Cloud-init is an industry standard multi-distribution method for initializing cross-platform cloud examples. There is a security loophole in the cloud-init 25.1.2 and previous versions, which originates from the cloud-init-hotplugd.socket defaults the SocketMode permission to 0666, which may result in unauthorized user triggers.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
科能软件
Published
2025-06-26
Last Modified
2026-02-24
References
https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3 https://github.com/canonical/cloud-init/releases/tag/25.1.3 https://access.redhat.com/security/cve/cve-2024-11584
Share on: