35 matches found
CVE-2025-54291 Project existence disclosure in LXD images API
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54291
The CVE affects Canonical LXD, specifically the images API (LXD 1.0/images) where unauthenticated requests can reveal project existence by returning 404 for existing projects and 403 for non-existent ones. Root cause: error handling in the imagesGet path exposes project existence via HTTP status ...
CVE-2025-54291 Project existence disclosure in LXD images API
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54291 Project existence disclosure in LXD images API
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
CVE-2025-54290
CVE-2025-54290 affects Canonical LXD before 6.5 and 5.21.4 on Linux. The vulnerability lies in the image export API, where error handling and LIKE wildcard matching can reveal project existence without authentication. An attacker can remotely determine whether a project exists by sending crafted ...
CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
PT-2025-40334
Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD versions prior to 5.21.4 Description An information disclosure issue exists in the images API of Canonical LXD. This allows unauthenticated remote attackers to determine project existence by...
LXD 安全漏洞
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from the existence of an information leak in the Image API that could lead a remote attacker to determine the existence o...
PT-2025-40333
Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD versions prior to 5.21.4 Description An information disclosure issue exists in the image export API of Canonical LXD. A network attacker can determine project existence without authentication b...
GitLab: Know whether private project name exists or not within a group using link comments
Summary: Hello, It is possible for anyone to know if private project exists or not in public/private groups if they can guess the project names correctly. Description: Using markdown feature, we can form a comment which will allow us to know if the private project is exists within a group or not...