← voltar
CVE-2025-54291

Project existence disclosure in LXD images API

CVSS 6.9 MEDIUMEPSS 0.3%CWE-209
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Canonical · LXD

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7