PKI Mode Vulnerability Allows Bypass of Security Measures
CVE-2024-6156

3.8 LOW

Key Information:

Status
Vendor
CVE Published: 6 December 2024

Summary

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Affected Version(s)

LXD Linux 4.0 < 4.0.10

LXD Linux 4.0 < 5.0.4

LXD Linux 4.0 < 5.21.2

References

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

CVE-2024-6156 : PKI Mode Vulnerability Allows Bypass of Security Measures | SecurityVulnerability.io