{"id":"CVE-2024-6174","details":"When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.","modified":"2026-03-23T05:05:34.364153717Z","published":"2025-06-26T10:15:25.133Z","related":["ALSA-2025:10844","ALSA-2025:10848","ALSA-2025:11324","SUSE-RU-2026:20174-1","SUSE-RU-2026:20192-1","SUSE-SU-2025:20656-1","SUSE-SU-2025:20755-1","openSUSE-RU-2026:20129-1","openSUSE-SU-2025:15376-1"],"references":[{"type":"ADVISORY","url":"https://github.com/canonical/cloud-init/releases/tag/25.1.3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/canonical/cloud-init","events":[{"introduced":"0"},{"fixed":"79ac5c8311efb8b89bca129cc8a0098ca5ef679d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"25.1.3"}]}}],"versions":["0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.14","0.5.15","0.5.16pre1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.8","0.6.0","0.6.1","0.6.2","0.6.3","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","17.1","17.2","18.1","18.2","18.3","18.4","18.5","19.1","19.2","19.3","19.4","20.1","20.2","20.3","20.4","20.4.1","21.1","21.2","21.3","21.4","22.1","22.2","22.3","22.4","23.1","23.2","23.3","23.4","24.2","24.3","24.4","25.1","25.1.1","25.1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6174.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}