Privilege Escalation Vulnerability in Ubuntu Server's LXD Feature
CVE-2023-5536
5 MEDIUM
Summary
A feature in LXD on Ubuntu Server allows users in the lxd group to escalate their privileges to root without a sudo password. This misconfiguration could enable malicious actors to gain unauthorized control over the system. It is essential to address this issue promptly to safeguard against potential exploits. Users are encouraged to review their LXD configurations and implement mitigations as outlined in the official documentation.
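As an added example (not part of the original advisory or of any Ubuntu tooling), the shell function below supports the configuration review recommended above by listing every account in the lxd group, including accounts that have it as their primary group. The function name, the sample files and the account names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list the accounts that belong to the
# "lxd" group, via the group member list or via their primary GID.

lxd_group_members() {
    group_file=${1:-/etc/group}      # name:password:GID:member,member,...
    passwd_file=${2:-/etc/passwd}    # name:password:UID:GID:...
    group_name=${3:-lxd}
    {
        # Supplementary members listed in field 4 of the group entry.
        awk -F: -v grp="$group_name" '
            $1 == grp { n = split($4, m, ",")
                        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }
        ' "$group_file"
        # Accounts whose primary GID is the group's GID never appear in that
        # list, so resolve the GID and match it against the passwd file.
        gid=$(awk -F: -v grp="$group_name" '$1 == grp { print $3; exit }' "$group_file")
        if [ -n "$gid" ]; then
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
        fi
    } | sort -u
}

# Constructed sample data (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'lxd:x:110:alice,bob' > "$demo_dir/group"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'bob:x:1001:1001::/home/bob:/bin/bash' \
    'carol:x:1002:110::/home/carol:/bin/bash' \
    'dave:x:1003:1003::/home/dave:/bin/bash' > "$demo_dir/passwd"

echo "Accounts in the lxd group (treat as root-equivalent):"
lxd_group_members "$demo_dir/group" "$demo_dir/passwd"
```

Called with no arguments, the function reads `/etc/group` and `/etc/passwd` on the local host. On hosts that resolve accounts through LDAP or SSSD, save the output of `getent group` and `getent passwd` to files and pass those instead.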
Affected Version(s)
Ubuntu Server Linux 0 < 24.04
References
CVSS V3.1
Score: 5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tobias Jäger