CVE-2023-5536 — Incorrect Default Permissions in Ubuntu Linux

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

6.4MEDIUMNVD

CNA5.0

EPSS

0.0%

top 87.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux

Timeline

PublishedDec 12

Description

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

▶NVDcanonical/ubuntu_linux< 24.04

🔴Vulnerability Details

GHSA

GHSA-7w5c-q3c8-5c62: A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their pri↗2023-12-12

▶

CVEList

CVE-2023-5536: A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their pri↗2023-12-12

▶

OSV

CVE-2023-5536: A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their pri↗2023-12-11

▶