GHSA-3G72-CHJ4-2228 Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...