ALT-PU-2025-10350-5

Package update cloud-init in branch c9f2

Version20.4-alt0.c9.2

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (2)

HIGH8.8

Уязвимость инструмента инициализации облачных виртуальных машин Cloud-Init, связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии до уровня root

Published: 2025-09-07Modified: 2026-04-19

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 8.3

CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2024-6174

HIGH8.8

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Published: 2025-06-26Modified: 2025-08-26

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/canonical/cloud-init/releases/tag/25.1.3