Base Score

LOW3.8

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

VectorLOCAL

Published Bysecurity@ubuntu.com

Published DateDec 06, 2024, 00:15

Affected Versions(1)

github.com/canonical/lxd(Go)

Introduced0

Fixed0.0.0-20240708073652-5a492a3f0036

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/canonical/lxd(Go)	0	0.0.0-20240708073652-5a492a3f0036	N/A

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

3.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

LOW3.8

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

3.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE