CVE-2016-1582

CWE-200Information Exposure6 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical LXDCanonical Ubuntu Linux
Timeline
PublishedJun 9

Description

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntulxd< 2.0.2-0ubuntu1~16.04.1
NVDcanonical/lxd2.0.1

Also affects: Ubuntu Linux 15.10, 16.04

🔴Vulnerability Details

3
CVEList
CVE-2016-1582: LXD before 22016-06-09
OSV
lxd vulnerabilities2016-05-31
OSV
CVE-2016-1582: LXD before 22016-05-31

📋Vendor Advisories

2
Ubuntu
LXD vulnerabilities2016-05-31
Debian
CVE-2016-1582: lxd - LXD before 2.0.2 does not properly set permissions when switching an unprivilege...2016
CVE-2016-1582 (MEDIUM CVSS 5.5) | LXD before 2.0.2 does not properly | cvebase.io