cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket, which relies on the default SocketMode. That default grants 0666 permissions, making the socket world-writable. The unit is used for the /run/cloud-init/hook-hotplug-cmd FIFO, so an unprivileged user could trigger hotplug-hook commands.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloud-init | Ubuntu | devel | * |
Cloud-init | Ubuntu | esm-infra/bionic | * |
Cloud-init | Ubuntu | esm-infra/focal | * |
Cloud-init | Ubuntu | focal | * |
Cloud-init | Ubuntu | jammy | * |
Cloud-init | Ubuntu | noble | * |
Cloud-init | Ubuntu | oracular | * |
Cloud-init | Ubuntu | plucky | * |
Cloud-init | Ubuntu | upstream | * |
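
A check for the permission problem in the description, as an added example that is not part of the advisory or of cloud-init: it reads one socket unit file, applies the 0666 default when `SocketMode=` is absent, and reports each `ListenFIFO=` path. The function names, the sample unit contents and the `SocketMode=0600` value are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not cloud-init code): audit a socket unit's FIFO permissions.

# Effective SocketMode of one unit file; 0666 applies when it is unset.
effective_socket_mode() {
    awk '
        /^[ \t]*\[/ { in_sock = ($0 ~ /^[ \t]*\[Socket\]/); next }
        in_sock && /^[ \t]*SocketMode[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); mode = $0
        }
        END { print (mode == "" ? "0666" : mode) }
    ' "$1"
}

# True when the last octal digit carries the "other" write bit (2, 3, 6, 7).
mode_world_writable() {
    case "$1" in *[2367]) return 0 ;; *) return 1 ;; esac
}

# True when an existing FIFO on disk is writable by any local user.
fifo_world_writable() {
    [ -n "$(find "$1" -prune -type p -perm -0002 2>/dev/null)" ]
}

# Print one verdict line per ListenFIFO= entry in the unit file.
audit_unit() {
    mode=$(effective_socket_mode "$1")
    sed -n 's/^[[:space:]]*ListenFIFO[[:space:]]*=[[:space:]]*//p' "$1" |
    while IFS= read -r fifo; do
        if mode_world_writable "$mode"; then
            echo "WORLD-WRITABLE $fifo mode=$mode"
        else
            echo "restricted $fifo mode=$mode"
        fi
    done
}

# Constructed sample units: one without SocketMode, one with an assumed
# restrictive value (0600 is illustrative, not taken from the advisory).
demo() {
    d=$(mktemp -d) || return 1
    printf '[Socket]\nListenFIFO=/run/cloud-init/hook-hotplug-cmd\n' > "$d/default.socket"
    printf '[Socket]\nListenFIFO=/run/cloud-init/hook-hotplug-cmd\nSocketMode=0600\n' > "$d/fixed.socket"
    audit_unit "$d/default.socket"
    audit_unit "$d/fixed.socket"
    rm -rf "$d"
}
demo
```

The parser looks at a single file and ignores drop-ins; on a running host, `fifo_world_writable /run/cloud-init/hook-hotplug-cmd` tests the permissions actually in effect.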