CVE-2024-6156

Severity

3.8LOW

EPSS

0.0%

top 88.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 6

Latest updateDec 9

Description

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

▶NVDcanonical/lxd4.0.0 — 4.0.10+2

▶CVEListV5canonical_ltd./lxd4.0 — 4.0.10+3

▶Gogithub.com/canonical/lxd< 0.0.0-20240708073652-5a492a3f0036

▶Debianincus< 6.0.3-1+1

OSV

CA certificate sign check bypass in github.com/canonical/lxd↗2024-12-09

▶

OSV

lxd CA certificate sign check bypass↗2024-12-09

▶

GHSA

lxd CA certificate sign check bypass↗2024-12-09

▶

OSV

CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5↗2024-12-06

▶

CVEList

CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5↗2024-12-05

▶

Debian

CVE-2024-6156: incus - Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypass...↗2024

▶