CVE-2024-6156

Опубликовано: 06 дек. 2024

Источник: debian

EPSS Низкий

Описание

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Пакет	Статус	Версия исправления	Релиз	Тип
lxd	removed			package
lxd	ignored		trixie	package
lxd	ignored		bookworm	package
incus	fixed	6.0.3-1		package

https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v
Fixed by: https://github.com/canonical/lxd/commit/fb0525e1bdd6a99c4eedacbe9e6c2c7b8e0d9a89 (lxd-5.0.4)

EPSS

Процентиль: 9%

0.00032

Низкий

CVE-2024-6156

CVSS3: 3.8

ubuntu

около 1 года назад

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

CVE-2024-6156

CVSS3: 3.8

nvd

около 1 года назад

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

GHSA-4c49-9fpc-hc3v

CVSS3: 3.8

github

около 1 года назад

lxd CA certificate sign check bypass

ROS-20251117-05

CVSS3: 8.8

redos

2 месяца назад

Множественные уязвимости dqlite

ROS-20251117-04

CVSS3: 8.8

redos

2 месяца назад

Множественные уязвимости lxd

EPSS

Процентиль: 9%

0.00032

Низкий