Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
cloud-init 安全漏洞
Vulnerability Description
cloud-init是Canonical开源的一个用于跨平台云实例初始化的行业标准多分发方法。 cloud-init 25.1.2及之前版本存在安全漏洞,该漏洞源于cloud-init-hotplugd.socket默认SocketMode权限为0666,可能导致未授权用户触发命令。
CVSS Information
N/A
Vulnerability Type
N/A