{"id":"AZL-64334","summary":"CVE-2024-6174 affecting package cloud-init for versions less than 24.3.1-2","details":"When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.","modified":"2026-04-21T04:32:22.180229Z","published":"2025-06-26T10:15:25Z","upstream":["CVE-2024-6174"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6174"}],"affected":[{"package":{"name":"cloud-init","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/cloud-init"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.3.1-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64334.json"}}],"schema_version":"1.7.5"}