Vulnerability Details CVE-2015-1340
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.0%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.8
References
Products affected by CVE-2015-1340
-
cpe:2.3:a:linuxcontainers:lxd:-