CVE-2024-6156

Summary

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.LXD4.0 < 4.0.10affected
Canonical Ltd.LXD4.0 < 5.0.4affected
Canonical Ltd.LXD4.0 < 5.21.2affected
Canonical Ltd.LXD4.0 < 6.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References