3 matches found
Information Disclosure
github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...
CVE-2025-54288 Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
PT-2025-40331
Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.0 and above Description An information spoofing issue exists in the devLXD server component of Canonical LXD. Attackers with root privileges within a container can impersonate other containers and access their metadata...