Описание
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| incus | fixed | 6.0.5-1 | package | |
| lxd | removed | package | ||
| lxd | ignored | trixie | package | |
| lxd | ignored | bookworm | package |
Примечания
https://github.com/canonical/lxd/security/advisories/GHSA-3g72-chj4-2228
EPSS
Связанные уязвимости
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
EPSS