← volver
CVE-2025-54291

Project existence disclosure in LXD images API

CVSS 6.9 MEDIUMEPSS 0.3%CWE-209
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Canonical · LXD

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7