PKI Mode Vulnerability Allows Bypass of Security Measures
CVE-2024-6156
3.8 LOW
Summary
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
Affected Version(s)
LXD Linux 4.0 < 4.0.10
LXD Linux 4.0 < 5.0.4
LXD Linux 4.0 < 5.21.2
References
CVSS V3.1
Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published