Canonical: >> Lxd >> 2.0.1 Security Vulnerabilities
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
CVSS Score
3.8
EPSS Score
0.0
Published
2024-12-06
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.0
Published
2016-06-09
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.0
Published
2016-06-09