CVE-2024-6156
Published 2024-12-06
Severity: low, 3.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | lxd | >= 4.0.0 < 4.0.10 | 4.0.10 |
| canonical | lxd | >= 5.0.0 < 5.0.4 | 5.0.4 |
| canonical | lxd | >= 5.1 < 5.21.2 | 5.21.2 |
| canonical_ltd | lxd | >= 4.0 < 4.0.10 | 4.0.10 |
| canonical_ltd | lxd | >= 4.0 < 5.0.4 | 5.0.4 |
| canonical_ltd | lxd | >= 4.0 < 5.21.2 | 5.21.2 |
| canonical_ltd | lxd | >= 4.0 < 6.1 | 6.1 |
| debian | incus | < incus 6.0.3-1 (forky) | incus 6.0.3-1 (forky) |
| debian | lxd | < incus 6.0.3-1 (forky) | incus 6.0.3-1 (forky) |
| github.com | canonical_lxd | >= 0 < 0.0.0-20240708073652-5a492a3f0036 | 0.0.0-20240708073652-5a492a3f0036 |
CVSS provenance
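| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 3.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
| osv | | 3.8 | LOW | |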