{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11584", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2024-11-20T23:04:27.187Z", "datePublished": "2025-06-26T09:25:20.199Z", "dateUpdated": "2025-06-26T19:14:46.084Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "cloud-init", "platforms": ["Linux"], "product": "cloud-init", "repo": "https://github.com/canonical/cloud-init", "vendor": "Canonical", "versions": [{"lessThan": "25.1.3", "status": "affected", "version": "21.3", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Harry Sintonen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger hotplug-hook commands."}], "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands."}], "impacts": [{"descriptions": [{"lang": "en", "value": "This vulnerability allows an unprivileged user to trigger hotplug-hook commands such as 'query', 'handle' and 'enable'"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "references": [{"url": "https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3"}, {"url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-06-26T19:14:46.084Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T13:00:38.352816Z", "id": "CVE-2024-11584", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T13:00:41.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11584", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T13:00:38.352816Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T13:00:35.108Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Harry Sintonen"}], "impacts": [{"descriptions": [{"lang": "en", "value": "This vulnerability allows an unprivileged user to trigger hotplug-hook commands such as 'query', 'handle' and 'enable'"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/canonical/cloud-init", "vendor": "Canonical", "product": "cloud-init", "versions": [{"status": "affected", "version": "21.3", "lessThan": "25.1.3", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "cloud-init", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3"}, {"url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3"}], "descriptions": [{"lang": "en", "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands.", "supportingMedia": [{"type": "text/html", "value": "cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger hotplug-hook commands.", "base64": false}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-06-26T19:14:46.084Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11584", "state": "PUBLISHED", "dateUpdated": "2025-06-26T19:14:46.084Z", "dateReserved": "2024-11-20T23:04:27.187Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2025-06-26T09:25:20.199Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands."}], "id": "CVE-2024-11584", "lastModified": "2025-06-26T20:15:27.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2025-06-26T10:15:24.703", "references": [{"source": "security@ubuntu.com", "url": "https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3"}, {"source": "security@ubuntu.com", "url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "cloud-init: From CVEorg collector", "id": "2374926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374926"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-276", "details": ["cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands.", "A default permissions flaw was found in cloud-init. The cloud-init-hotplugd.socket grants 0666 permissions, making it world-writable. This vulnerability allows an unprivileged user to trigger hotplug-hook commands."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-11584", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "cloud-init", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-26T09:25:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11584\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11584\nhttps://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3\nhttps://github.com/canonical/cloud-init/releases/tag/25.1.3"], "threat_severity": "Moderate"}