CVE-2024-6156

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-6156

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6156.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6156

Aliases

Downstream

DEBIAN-CVE-2024-6156

UBUNTU-CVE-2024-6156

openSUSE-SU-2024:14567-1

Related

openSUSE-SU-2024:14567-1

Published

2024-12-06T00:15:04.380Z

Modified

2026-04-10T05:19:16.715754Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

References

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type

GIT

Repo

https://github.com/canonical/lxd

Events

Introduced

03aab09f5b5cbdada00c6539877dcf5932fcde98

Fixed

2eacddbb65acf10b2fcea4ee92374a90d2376dc4

Introduced

1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1

Fixed

2101d7f6efdaa7762e6593c857cb524bfcd2859b

Introduced

be2e2d38c65555880689da833c93d1e9d55ae94d

Fixed

7d4a9933f4618cfe6ec8d18e2e8f91816e5ddbba

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.10"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.4"
        },
        {
            "introduced": "5.1"
        },
        {
            "fixed": "5.21.2"
        }
    ]
}

Affected versions

lxd-4.*

lxd-4.0.0

lxd-4.0.1

lxd-4.0.2

lxd-4.0.3

lxd-4.0.4

lxd-4.0.5

lxd-4.0.6

lxd-4.0.7

lxd-4.0.8

lxd-4.0.9

lxd-5.*

lxd-5.0.0

lxd-5.0.1

lxd-5.0.2

lxd-5.1

lxd-5.10

lxd-5.11

lxd-5.12

lxd-5.13

lxd-5.14

lxd-5.15

lxd-5.16

lxd-5.17

lxd-5.2

lxd-5.3

lxd-5.4

lxd-5.5

lxd-5.6

lxd-5.7

lxd-5.8

lxd-5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6156.json"