Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-6174

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

When a non-x86 platform is detected, cloud-init grants root access …

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

References

https://github.com/canonical/cloud-init/releases/tag/25.1.3

Affected products

cloud-init

<25.1.3

Matching in nixpkgs

pkgs.cloud-init

Provides configuration and customization of cloud instance

nixos-unstable -
- nixpkgs-unstable 25.2

Package maintainers

@jfroche Jean-François Roche <jfroche@pyxel.be>
@illustris Harikrishnan R <me@illustris.tech>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.cloud-init

Package maintainers