CVE-2015-8222

2015-11-1715:00:00

mitre

www.cve.org

ubuntu

lxd package

world-readable permissions

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors.

References

www.ubuntu.com/usn/USN-2809-1

bugs.launchpad.net/ubuntu/+source/lxd/+bug/1515689

github.com/lxc/lxd/issues/1307