CVE Vulnerabilities

CVE-2024-6174

Improper Authentication

Published: Jun 26, 2025 | Modified: Jun 26, 2025
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3: 8.8 IMPORTANT, CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name | Vendor | Start Version | End Version
Red Hat Enterprise Linux 10 | RedHat | cloud-init-0:24.4-3.el10_0.2 | *
Red Hat Enterprise Linux 8 | RedHat | cloud-init-0:23.4-7.el8_10.10 | *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | cloud-init-0:21.1-15.el8_6.4 | *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | cloud-init-0:21.1-15.el8_6.4 | *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | cloud-init-0:21.1-15.el8_6.4 | *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | cloud-init-0:22.1-8.el8_8.2 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | cloud-init-0:22.1-8.el8_8.2 | *
Red Hat Enterprise Linux 9 | RedHat | cloud-init-0:24.4-4.el9_6.3 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | cloud-init-0:21.1-19.el9_0.7 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | cloud-init-0:22.1-10.el9_2.1 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | cloud-init-0:23.4-7.el9_4.13 | *
Cloud-init | Ubuntu | devel | *
Cloud-init | Ubuntu | esm-infra/bionic | *
Cloud-init | Ubuntu | esm-infra/focal | *
Cloud-init | Ubuntu | esm-infra/xenial | *
Cloud-init | Ubuntu | focal | *
Cloud-init | Ubuntu | jammy | *
Cloud-init | Ubuntu | mantic | *
Cloud-init | Ubuntu | noble | *
Cloud-init | Ubuntu | oracular | *
Cloud-init | Ubuntu | plucky | *
Cloud-init | Ubuntu | upstream | *
