Описание
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| incus | fixed | 6.0.5-1 | package | |
| lxd | removed | package | ||
| lxd | ignored | trixie | package | |
| lxd | ignored | bookworm | package |
Примечания
https://github.com/canonical/lxd/security/advisories/GHSA-p3x5-mvmp-5f35
Связанные уязвимости
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function
