CVE-2024-6156 Affecting lxd package, versions *


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN13-LXD-8491093
  • published7 Dec 2024
  • disclosed6 Dec 2024

Introduced: 6 Dec 2024

NewCVE-2024-6156  (opens in a new tab)

How to fix?

There is no fixed version for Debian:13 lxd.

NVD Description

Note: Versions mentioned in the description apply only to the upstream lxd package and not the lxd package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.