Untriaged
Permalink
CVE-2024-6156
3.8 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, …
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
References
- https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v issue-tracking
- https://www.cve.org/CVERecord?id=CVE-2024-6156 issue-tracking
- https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v issue-tracking
- https://www.cve.org/CVERecord?id=CVE-2024-6156 issue-tracking
- https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v issue-tracking
- https://www.cve.org/CVERecord?id=CVE-2024-6156 issue-tracking
- https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v issue-tracking
- https://www.cve.org/CVERecord?id=CVE-2024-6156 issue-tracking
Affected products
lxd
- <5.0.4
- <4.0.10
- <5.21.2
- <6.1
Matching in nixpkgs
pkgs.lxd-image-server
Creates and manages a simplestreams lxd image server on top of nginx
-
nixos-unstable -
- nixpkgs-unstable 0.0.4
pkgs.python312Packages.pylxd
Library for interacting with the LXD REST API
-
nixos-unstable -
- nixpkgs-unstable 2.3.2
pkgs.python313Packages.pylxd
Library for interacting with the LXD REST API
-
nixos-unstable -
- nixpkgs-unstable 2.3.2
pkgs.terraform-providers.lxd
None
-
nixos-unstable -
- nixpkgs-unstable 2.5.0
Package maintainers
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>