Lucene search

[email protected]NVD:CVE-2015-8222

HistoryNov 17, 2015 - 3:59 p.m.

CVE-2015-8222

2015-11-1715:59:24

CWE-264

[email protected]

web.nvd.nist.gov

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch15.10

References

www.ubuntu.com/usn/USN-2809-1

bugs.launchpad.net/ubuntu/+source/lxd/+bug/1515689

github.com/lxc/lxd/issues/1307

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2015-8222

cve1 ubuntucve1 prion1 debiancve1 cvelist1