CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

3.8 CVSS

Description

Mark Laing discovered that LXD's PKI mode could be bypassed in versions before 5.21.2: a client certificate that was already present in the server's trust store was accepted without the CA check that PKI mode is meant to enforce, so trust-store membership alone was enough to authenticate.
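To make the failure mode concrete, the Go program below is an added illustration written for this page; it is not LXD's code and is not taken from the advisory. It models two authentication policies for a TLS client certificate: a vulnerable one in which a trust-store fingerprint match is sufficient even when a CA (PKI mode) is configured, and a fixed one in which PKI mode makes the CA check mandatory and the trust store alone never grants access. The `Server`, `AuthenticateVulnerable`, `AuthenticateFixed` and `Scenario` names, and the generated CA and client certificates, are hypothetical constructions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Server is a hypothetical model of the two inputs an authenticator consults:
// the CA that turns PKI mode on (nil means PKI mode is off) and a trust store
// keyed by SHA-256 certificate fingerprint.
type Server struct {
	CA         *x509.Certificate
	TrustStore map[string]bool
}

// fingerprint returns the hex SHA-256 of the DER-encoded certificate.
func fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// signedByCA verifies c chains to the configured CA with client-auth usage.
func (s *Server) signedByCA(c *x509.Certificate) bool {
	if s.CA == nil {
		return false
	}
	roots := x509.NewCertPool()
	roots.AddCert(s.CA)
	_, err := c.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// AuthenticateVulnerable models the bypass: a trust-store hit short-circuits
// authentication before the PKI (CA) check is ever reached.
func (s *Server) AuthenticateVulnerable(c *x509.Certificate) bool {
	if s.TrustStore[fingerprint(c)] {
		return true
	}
	return s.signedByCA(c)
}

// AuthenticateFixed models the corrected policy: when PKI mode is on, the CA
// signature is required and the trust store is not consulted as a substitute
// (it could still serve as an extra allow-list, but never instead of the CA).
// Without a CA the trust store remains the only source of trust.
func (s *Server) AuthenticateFixed(c *x509.Certificate) bool {
	if s.CA != nil {
		return s.signedByCA(c)
	}
	return s.TrustStore[fingerprint(c)]
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with parentKey; a nil parent produces a self-signed cert.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, pub *ecdsa.PublicKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func clientTmpl(serial int64, cn string, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// Result records how each policy treats the constructed certificates.
type Result struct {
	VulnAcceptsSelfSigned  bool // true: PKI mode bypassed via the trust store
	FixedAcceptsSelfSigned bool // must be false
	FixedAcceptsCASigned   bool // must be true
	NoPKIAcceptsTrustStore bool // trust store still works when PKI mode is off
}

// Scenario builds a CA, one CA-signed client cert and one self-signed client
// cert (constructed test data), puts only the self-signed cert in the trust
// store, and runs both authenticators against them.
func Scenario() Result {
	now := time.Now()
	caKey := newKey()
	ca := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-lxd-ca"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, caKey, &caKey.PublicKey)

	okKey := newKey()
	okClient := issue(clientTmpl(2, "ca-signed-client", now), ca, caKey, &okKey.PublicKey)
	rogueKey := newKey()
	rogue := issue(clientTmpl(3, "self-signed-client", now), nil, rogueKey, &rogueKey.PublicKey)

	pki := &Server{CA: ca, TrustStore: map[string]bool{fingerprint(rogue): true}}
	noPKI := &Server{CA: nil, TrustStore: map[string]bool{fingerprint(rogue): true}}

	return Result{
		VulnAcceptsSelfSigned:  pki.AuthenticateVulnerable(rogue),
		FixedAcceptsSelfSigned: pki.AuthenticateFixed(rogue),
		FixedAcceptsCASigned:   pki.AuthenticateFixed(okClient),
		NoPKIAcceptsTrustStore: noPKI.AuthenticateFixed(rogue),
	}
}

func main() {
	r := Scenario()
	fmt.Printf("vulnerable policy, PKI mode, self-signed cert in trust store: accepted=%v\n", r.VulnAcceptsSelfSigned)
	fmt.Printf("fixed policy,      PKI mode, self-signed cert in trust store: accepted=%v\n", r.FixedAcceptsSelfSigned)
	fmt.Printf("fixed policy,      PKI mode, CA-signed cert:                 accepted=%v\n", r.FixedAcceptsCASigned)
}
```

The ordering of the checks is the whole point: once a CA is configured, a fingerprint lookup must not run before, or instead of, chain verification, otherwise any certificate that ever made it into the trust store (including one that the CA would reject) keeps working and the PKI mode guarantee is hollow. When reviewing similar code, also confirm that revocation (CRL or equivalent) is applied on the CA path, which this simplified model omits.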

Classification

CVE ID: CVE-2024-6156

CVSS Base Severity: LOW

CVSS Base Score: 3.8

Affected Products

Vendor: Canonical Ltd.

Product: LXD

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 11.44% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date on which this score was calculated)

References

https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v
https://www.cve.org/CVERecord?id=CVE-2024-6156

Timeline