Lucene search
+L

35 matches found

cvelist
cvelist
added 2025/10/02 9:25 a.m.9 views

CVE-2025-54291 Project existence disclosure in LXD images API

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

6.9CVSS0.0036EPSS
Exploits1References1
cve
cve
added 2025/10/02 9:25 a.m.20 views

CVE-2025-54291

The CVE affects Canonical LXD, specifically the images API (LXD 1.0/images) where unauthenticated requests can reveal project existence by returning 404 for existing projects and 403 for non-existent ones. Root cause: error handling in the imagesGet path exposes project existence via HTTP status ...

6.9CVSS6.8AI score0.0036EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/10/02 9:25 a.m.2 views

CVE-2025-54291 Project existence disclosure in LXD images API

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

6.9CVSS6.8AI score0.0036EPSS
Exploits1References1
debiancve
debiancve
added 2025/10/02 9:25 a.m.5 views

CVE-2025-54291

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

6.9CVSS5.4AI score0.0036EPSS
Exploits1
osv
osv
added 2025/10/02 9:25 a.m.3 views

CVE-2025-54291 Project existence disclosure in LXD images API

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

6.9CVSS6.1AI score0.0036EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2025/10/02 9:25 a.m.4 views

CVE-2025-54291

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

6.9CVSS6.9AI score0.0036EPSS
Exploits1
vulnrichment
vulnrichment
added 2025/10/02 9:24 a.m.3 views

CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...

6.9CVSS6.4AI score0.00317EPSS
Exploits1References1
cvelist
cvelist
added 2025/10/02 9:24 a.m.11 views

CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...

6.9CVSS0.00317EPSS
Exploits1References1
cve
cve
added 2025/10/02 9:24 a.m.22 views

CVE-2025-54290

CVE-2025-54290 affects Canonical LXD before 6.5 and 5.21.4 on Linux. The vulnerability lies in the image export API, where error handling and LIKE wildcard matching can reveal project existence without authentication. An attacker can remotely determine whether a project exists by sending crafted ...

6.9CVSS6.4AI score0.00317EPSS
Exploits1References1Affected Software1
osv
osv
added 2025/10/02 9:24 a.m.3 views

CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...

6.9CVSS6AI score0.00317EPSS
Exploits1References4
debiancve
debiancve
added 2025/10/02 9:24 a.m.5 views

CVE-2025-54290

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...

6.9CVSS5.3AI score0.00317EPSS
Exploits1
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.3 views

PT-2025-40334

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD versions prior to 5.21.4 Description An information disclosure issue exists in the images API of Canonical LXD. This allows unauthenticated remote attackers to determine project existence by...

8.8CVSS6.4AI score0.00541EPSS
Exploits7References29
cnnvd
cnnvd
added 2025/10/02 12:0 a.m.7 views

LXD 安全漏洞

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from the existence of an information leak in the Image API that could lead a remote attacker to determine the existence o...

6.9CVSS6.1AI score0.0036EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.6 views

PT-2025-40333

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD versions prior to 5.21.4 Description An information disclosure issue exists in the image export API of Canonical LXD. A network attacker can determine project existence without authentication b...

8.8CVSS6.2AI score0.00541EPSS
Exploits7References30
hackerone
hackerone
added 2019/02/13 7:2 p.m.40 views

GitLab: Know whether private project name exists or not within a group using link comments

Summary: Hello, It is possible for anyone to know if private project exists or not in public/private groups if they can guess the project names correctly. Description: Using markdown feature, we can form a comment which will allow us to know if the private project is exists within a group or not...

6.9AI score
Exploits0
Rows per page
Query Builder