VDB

DEBIAN-CVE-2024-6156

DEBIAN-CVE-2024-6156 PUBLISHED CVSS 3.799999952316284 LOW

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Risk Scores

CVSS 3.1
3.799999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products

VendorProductVersions
Debian:14incus0, 0
Debian:13lxd0, 5.0.2+git20231211.1364ae4, 5.0.2+git20231211.1364ae4
Debian:13incus0, 0
Debian:12lxd5.0.2+git20231211.1364ae4, 5.0.2+git20231211.1364ae4, 5.0.2+git20231211.1364ae4

Timeline

  • Dec 6, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›