VDB
DEBIAN-CVE-2024-6156
DEBIAN-CVE-2024-6156
PUBLISHED
CVSS 3.799999952316284 LOW
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
Risk Scores
CVSS 3.1
3.799999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | incus | 0, 0 |
| Debian:13 | lxd | 0, 5.0.2+git20231211.1364ae4, 5.0.2+git20231211.1364ae4 |
| Debian:13 | incus | 0, 0 |
| Debian:12 | lxd | 5.0.2+git20231211.1364ae4, 5.0.2+git20231211.1364ae4, 5.0.2+git20231211.1364ae4 |
Timeline
- Dec 6, 2024 CVE Published
- Apr 28, 2026 CVE Updated