Canonical LXD up to 5.21.1 PKI Mode certificate validation

Summaryinfo

A vulnerability was found in Canonical LXD up to 5.21.1. It has been declared as critical. This impacts an unknown function of the component PKI Mode. The manipulation results in certificate validation. This vulnerability is identified as CVE-2024-6156. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in Canonical LXD up to 5.21.1. Affected is some unknown processing of the component PKI Mode. The manipulation with an unknown input leads to a certificate validation vulnerability. CWE is classifying the issue as CWE-295. The product does not validate, or incorrectly validates, a certificate. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

The advisory is shared for download at github.com. This vulnerability is traded as CVE-2024-6156 since 06/19/2024. The exploitability is told to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1587.003.

Upgrading to version 5.21.2 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Canonical

Name

• LXD

Version

• 5.21.0
• 5.21.1

License

• open-source

Website

• Product: https://github.com/canonical/lxd/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion