github.com/lxc/lxd is vulnerable to information disclosure. This is because it uses world-readable permissions for /var/lib/lxd/zfs.img
when setting up a ZFS pool. Using this flaw local users can read and copy data from arbitrary containers.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/lxc/lxd | eq | HEAD | |
github.com/lxc/lxd | le | lxd-0.27 |