CVE-2017-18641

CWE-287Improper Authentication5 documents5 sources
Severity
8.1HIGH
EPSS
0.6%
top 31.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linuxcontainers LXC
Timeline
PublishedFeb 10
Latest updateMay 24

Description

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

Debianlxc< 1:3.0.3-1+3

Patches

Patch: bugs.launchpad.netPatch: bugs.launchpad.net

🔴Vulnerability Details

3
GHSA
GHSA-rv6g-hrqv-7f3p: In LXC 22022-05-24
CVEList
CVE-2017-18641: In LXC 22020-02-10
OSV
CVE-2017-18641: In LXC 22020-02-10

📋Vendor Advisories

1
Debian
CVE-2017-18641: lxc - In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a ...2017
CVE-2017-18641 (HIGH CVSS 8.1) | In LXC 2.0 | cvebase.io