Vulnerability Details CVE-2024-6156
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.4%
CVSS Severity
CVSS v3 Score 3.8
References
Products affected by CVE-2024-6156
-
cpe:2.3:a:canonical:lxd:4.0.0
-
cpe:2.3:a:canonical:lxd:4.0.1
-
cpe:2.3:a:canonical:lxd:4.0.2
-
cpe:2.3:a:canonical:lxd:4.0.3
-
cpe:2.3:a:canonical:lxd:4.0.4
-
cpe:2.3:a:canonical:lxd:4.0.5
-
cpe:2.3:a:canonical:lxd:4.0.6
-
cpe:2.3:a:canonical:lxd:4.0.7
-
cpe:2.3:a:canonical:lxd:4.0.8
-
cpe:2.3:a:canonical:lxd:4.0.9
-
cpe:2.3:a:canonical:lxd:5.0.0
-
cpe:2.3:a:canonical:lxd:5.0.1
-
cpe:2.3:a:canonical:lxd:5.0.2
-
cpe:2.3:a:canonical:lxd:5.0.3
-
cpe:2.3:a:canonical:lxd:5.1
-
cpe:2.3:a:canonical:lxd:5.10
-
cpe:2.3:a:canonical:lxd:5.11
-
cpe:2.3:a:canonical:lxd:5.12
-
cpe:2.3:a:canonical:lxd:5.13
-
cpe:2.3:a:canonical:lxd:5.14
-
cpe:2.3:a:canonical:lxd:5.15
-
cpe:2.3:a:canonical:lxd:5.16
-
cpe:2.3:a:canonical:lxd:5.17
-
cpe:2.3:a:canonical:lxd:5.18
-
cpe:2.3:a:canonical:lxd:5.19
-
cpe:2.3:a:canonical:lxd:5.2
-
cpe:2.3:a:canonical:lxd:5.20
-
cpe:2.3:a:canonical:lxd:5.21.0
-
cpe:2.3:a:canonical:lxd:5.21.1
-
cpe:2.3:a:canonical:lxd:5.3
-
cpe:2.3:a:canonical:lxd:5.4
-
cpe:2.3:a:canonical:lxd:5.5
-
cpe:2.3:a:canonical:lxd:5.6
-
cpe:2.3:a:canonical:lxd:5.7
-
cpe:2.3:a:canonical:lxd:5.8
-
cpe:2.3:a:canonical:lxd:5.9