9 matches found
Information Disclosure
github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...
SUSE CVE-2025-54288
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server
Impact In LXD's devLXD server, the source container identification process uses process cmdline command line information, allowing attackers to impersonate other containers by spoofing process names. The core issue lies in the findContainerForPID function in lxd/apidevlxd.go. This function...
GHSA-7232-97C6-J525 Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server
Impact In LXD's devLXD server, the source container identification process uses process cmdline command line information, allowing attackers to impersonate other containers by spoofing process names. The core issue lies in the findContainerForPID function in lxd/apidevlxd.go. This function...
CVE-2025-54288
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
CVE-2025-54288 Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
CVE-2025-54288
CVE-2025-54288 affects Canonical LXD devLXD server on Linux container platforms. The issue arises from a vulnerability in how the devLXD code identifies containers via process cmdline information, allowing attackers with root privileges inside one container to impersonate other containers and rea...
LXD 安全漏洞
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 4.0 and later versions, which stems from information spoofing in the devLXD server that could lead to container impersonation and information disclosure...
CVE-2025-32754
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...