Description
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage | |
EPSS
Percentile: 5%
0.0002
Low
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
26 days ago
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
CVSS3: 4.3
debian
26 days ago
Improper authorization in the API endpoint GET /1.0/certificates in Ca ...
github
25 days ago
lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints