LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
lxd | le | 2.0.1 | |
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 15.10 |