Lxd
Monthly
Server-Side Request Forgery in Canonical LXD's image import endpoint allows authenticated users holding the can_create_images entitlement to direct the LXD daemon to make arbitrary outbound HTTP connections, including to loopback addresses, RFC1918 private ranges, and cloud instance metadata services such as 169.254.169.254. Affected versions span 4.12 through 6.9. An attacker can leverage error-based responses to enumerate internal TCP ports and fingerprint internal HTTP services from the daemon's privileged network position, enabling lateral reconnaissance in multi-tenant or cloud-hosted environments. No public exploit code has been identified at time of analysis, and CISA has not listed this in KEV.
Privilege escalation in Canonical LXD (versions 6.0-6.8, 5.21.0-5.21.4, and 5.0.0-5.0.6) allows an authenticated project operator in a restricted multi-tenant deployment to escape tenant confinement and obtain host root. Because project-restriction policies are not re-validated when an instance backup is imported and its snapshot restored, an operator can smuggle restricted configuration keys into a snapshot, restore them onto the live instance, and start it to gain unauthorized root on the host. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but a vendor patch and the fixing source code are available.
Nil-pointer dereference in LXD's CreateCustomVolumeFromBackup function allows an authenticated user with can_create_storage_volumes permissions to crash the LXD daemon via a crafted backup tarball, affecting all containers running on the host. Versions up to 6.8 (current branch) and 5.21 (LTS branch) on Linux are vulnerable. No public exploit or CISA KEV listing exists at time of analysis, but upstream fix commits are available from Canonical.
Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and overwrite the custom storage volumes owned by other guests on the same host, breaking tenant isolation. Exploitation requires the non-default security.devlxd.management.volumes option to be enabled, and is fixed in LXD 6.9. Rated CVSS 9.6 with a scope change and CISA SSVC 'total' technical impact; SSVC lists exploitation as proof-of-concept, but EPSS is very low (0.11%, 1st percentile) and it is not in CISA KEV.
Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
A arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk factors: public PoC available.
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Server-Side Request Forgery in Canonical LXD's image import endpoint allows authenticated users holding the can_create_images entitlement to direct the LXD daemon to make arbitrary outbound HTTP connections, including to loopback addresses, RFC1918 private ranges, and cloud instance metadata services such as 169.254.169.254. Affected versions span 4.12 through 6.9. An attacker can leverage error-based responses to enumerate internal TCP ports and fingerprint internal HTTP services from the daemon's privileged network position, enabling lateral reconnaissance in multi-tenant or cloud-hosted environments. No public exploit code has been identified at time of analysis, and CISA has not listed this in KEV.
Privilege escalation in Canonical LXD (versions 6.0-6.8, 5.21.0-5.21.4, and 5.0.0-5.0.6) allows an authenticated project operator in a restricted multi-tenant deployment to escape tenant confinement and obtain host root. Because project-restriction policies are not re-validated when an instance backup is imported and its snapshot restored, an operator can smuggle restricted configuration keys into a snapshot, restore them onto the live instance, and start it to gain unauthorized root on the host. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but a vendor patch and the fixing source code are available.
Nil-pointer dereference in LXD's CreateCustomVolumeFromBackup function allows an authenticated user with can_create_storage_volumes permissions to crash the LXD daemon via a crafted backup tarball, affecting all containers running on the host. Versions up to 6.8 (current branch) and 5.21 (LTS branch) on Linux are vulnerable. No public exploit or CISA KEV listing exists at time of analysis, but upstream fix commits are available from Canonical.
Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and overwrite the custom storage volumes owned by other guests on the same host, breaking tenant isolation. Exploitation requires the non-default security.devlxd.management.volumes option to be enabled, and is fixed in LXD 6.9. Rated CVSS 9.6 with a scope change and CISA SSVC 'total' technical impact; SSVC lists exploitation as proof-of-concept, but EPSS is very low (0.11%, 1st percentile) and it is not in CISA KEV.
Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
A arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk factors: public PoC available.
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.