{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11584", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2024-11-20T23:04:27.187Z", "datePublished": "2025-06-26T09:25:20.199Z", "dateUpdated": "2025-06-26T19:14:46.084Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "cloud-init", "platforms": ["Linux"], "product": "cloud-init", "repo": "https://github.com/canonical/cloud-init", "vendor": "Canonical", "versions": [{"lessThan": "25.1.3", "status": "affected", "version": "21.3", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Harry Sintonen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger hotplug-hook commands."}], "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands."}], "impacts": [{"descriptions": [{"lang": "en", "value": "This vulnerability allows an unprivileged user to trigger hotplug-hook commands such as 'query', 'handle' and 'enable'"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "references": [{"url": "https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3"}, {"url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-06-26T19:14:46.084Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T13:00:38.352816Z", "id": "CVE-2024-11584", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T13:00:41.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11584", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T13:00:38.352816Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T13:00:35.108Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Harry Sintonen"}], "impacts": [{"descriptions": [{"lang": "en", "value": "This vulnerability allows an unprivileged user to trigger hotplug-hook commands such as 'query', 'handle' and 'enable'"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/canonical/cloud-init", "vendor": "Canonical", "product": "cloud-init", "versions": [{"status": "affected", "version": "21.3", "lessThan": "25.1.3", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "cloud-init", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3"}, {"url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3"}], "descriptions": [{"lang": "en", "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands.", "supportingMedia": [{"type": "text/html", "value": "cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger hotplug-hook commands.", "base64": false}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-06-26T19:14:46.084Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11584", "state": "PUBLISHED", "dateUpdated": "2025-06-26T19:14:46.084Z", "dateReserved": "2024-11-20T23:04:27.187Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2025-06-26T09:25:20.199Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:cloud-init:*:*:*:*:*:*:*:*", "matchCriteriaId": "5549A5E9-C7DB-4106-865B-21D216620BD4", "versionEndExcluding": "25.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands."}, {"lang": "es", "value": "Cloud-init hasta la versi\u00f3n 25.1.2 se incluye la unidad de socket systemd cloud-init-hotplugd.socket con el SocketMode predeterminado, que otorga permisos 0666, lo que le otorga permisos de escritura universal. Esto se utiliza para el FIFO \"/run/cloud-init/hook-hotplug-cmd\". Un usuario sin privilegios podr\u00eda ejecutar comandos hotplug-hook."}], "id": "CVE-2024-11584", "lastModified": "2025-09-05T15:20:25.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-06-26T10:15:24.703", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3"}, {"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "cloud-init: Cloud init permissions handling flaw", "id": "2374926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374926"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-276", "details": ["cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands.", "A default permissions flaw was found in cloud-init. The cloud-init-hotplugd.socket grants 0666 permissions, making it world-writable. This vulnerability allows an unprivileged user to trigger hotplug-hook commands."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-11584", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-26T09:25:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11584\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11584\nhttps://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3\nhttps://github.com/canonical/cloud-init/releases/tag/25.1.3"], "threat_severity": "Moderate"}