PKI Mode Vulnerability Allows Bypass of Security Measures
CVE-2024-6156

3.8LOW

Key Information:

Status
Vendor
CVE Published:
6 December 2024

What is CVE-2024-6156?

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Affected Version(s)

LXD Linux 4.0 < 4.0.10

LXD Linux 4.0 < 5.0.4

LXD Linux 4.0 < 5.21.2

References

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2024-6156 : PKI Mode Vulnerability Allows Bypass of Security Measures