← voltar
CVE-2025-54290

Project Existence Disclosure via Error Handling in LXD Image Export

CVSS 6.9 MEDIUMEPSS 0.3%CWE-200
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Canonical · LXD

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/canonical/lxd/security/advisories/GHSA-p3x5-mvmp-5f35