CVE-2024-6219

CWE-295 — Improper Certificate Validation CWE-287 — Improper Authentication7 documents5 sources

Severity

3.8LOW

EPSS

0.1%

top 69.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ltd. LXD Github.com Canonical/lxd Canonical LXD

Timeline

PublishedDec 6

Latest updateDec 9

Description

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages3 packages

▶NVDcanonical/lxd< 5.21.1

▶CVEListV5canonical_ltd./lxd< 5.21.1

▶Gogithub.com/canonical/lxd< 0.0.0-20240403103450-0e7f2b5bf4d2

🔴Vulnerability Details

OSV

lxd has a restricted TLS certificate privilege escalation when in PKI mode↗2024-12-09

▶

GHSA

lxd has a restricted TLS certificate privilege escalation when in PKI mode↗2024-12-09

▶

OSV

Restricted TLS certificate privilege escalation when in PKI mode in github.com/canonical/lxd↗2024-12-09

▶

OSV

CVE-2024-6219: Mark Laing discovered in LXD's PKI mode, until version 5↗2024-12-06

▶

CVEList

CVE-2024-6219: Mark Laing discovered in LXD's PKI mode, until version 5↗2024-12-05

▶

📋Vendor Advisories

Debian

CVE-2024-6219: incus - Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted...↗2024

▶