PKI Mode Vulnerability Allows Bypass of Security Measures
CVE-2024-6156

3.8LOW

Key Information:

Vendor: Canonical Ltd.
Status: Lxd
Vendor: CVE Published:; 6 December 2024

Summary

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Affected Version(s)

LXD Linux 4.0 < 4.0.10

LXD Linux 4.0 < 5.0.4

LXD Linux 4.0 < 5.21.2

References

https://github.com/canonical/lxd/security/advisories/GHSA...

https://www.cve.org/CVERecord?id=CVE-2024-6156

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 6, 2024

.

CVE-2024-6156 : PKI Mode Vulnerability Allows Bypass of Security Measures | SecurityVulnerability.io