Restricted certificates bypassed in LXD's PKI mode until version 5.21.1
CVE-2024-6219

3.8LOW

Key Information:

Vendor: Canonical Ltd.
Status: Lxd
Vendor: CVE Published:; 6 December 2024

Summary

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

Affected Version(s)

LXD Linux 0 < 5.21.1

References

https://github.com/canonical/lxd/security/advisories/GHSA...

issue-tracking

https://www.cve.org/CVERecord?id=CVE-2024-6219

issue-tracking

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 6, 2024