Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Analysis
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Technical ContextAI
Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).
RemediationAI
Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attack
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attacker
A arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk
Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to d
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remo
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attac
Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authen
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was prese
Privilege escalation in Canonical LXD (versions 6.0-6.8, 5.21.0-5.21.4, and 5.0.0-5.0.6) allows an authenticated project
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| noble | DNE | - |
| plucky | DNE | - |
| bionic | not-affected | no web UI |
| focal | not-affected | installs LXD snap |
| upstream | released | 5.0.5, 5.21.4, 6.5 |
| xenial | not-affected | no web UI |
| questing | DNE | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| trixie | fixed | 6.0.4-2+deb13u1 | - |
| trixie (security) | fixed | 6.0.4-2+deb13u4 | - |
| forky, sid | fixed | 6.0.5-8 | - |
| (unstable) | fixed | 6.0.5-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm | fixed | 5.0.2-5+deb12u1 | - |
| bookworm (security) | fixed | 5.0.2-5+deb12u3 | - |
| trixie | fixed | 5.0.2+git20231211.1364ae4-9+deb13u1 | - |
| trixie (security) | fixed | 5.0.2+git20231211.1364ae4-9+deb13u3 | - |
| (unstable) | fixed | (unfixed) | - |
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-32635
GHSA-p8hw-rfjg-689h