VDB
CVE-2024-6156
CVE-2024-6156
PUBLISHED
CVSS 3.799999952316284 LOW
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
EPSS 0.05% · 16.7th percentile
Risk Scores
CVSS v3.1
3.799999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
EPSS Score
0.05%
16.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | canonical/lxd | 0, 0 |
| canonical | lxd | 4.0.0, 5.0.0, 5.1 |
| Canonical Ltd. | LXD | 4.0, 4.0, 4.0 |
| canonical | lxd | 0, 0 |
Timeline
- Dec 5, 2024 CVE Published
- Dec 5, 2024 PoC Published
- Dec 6, 2024 PoC Published
- Dec 7, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 10, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 12, 2025 EPSS Score
- Mar 1, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
- Mar 20, 2025 Coalition ESS Score
- Apr 4, 2025 EPSS Score
References
- https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v issue
- https://www.cve.org/CVERecord?id=CVE-2024-6156 issue
- https://nvd.nist.gov/vuln/detail/CVE-2024-6156 advisory
- https://github.com/canonical/lxd/commit/92468bb60f4f1edf38ff0434414bea4f28afa711 url
- https://github.com/canonical/lxd package
- https://pkg.go.dev/vuln/GO-2024-3312 url