A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 | Issue Tracking Vendor Advisory |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 | Third Party Advisory |
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 | Vendor Advisory |
https://ubuntu.com/security/CVE-2023-5536 | Vendor Advisory |
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 | Issue Tracking Vendor Advisory |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 | Third Party Advisory |
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 | Vendor Advisory |
https://ubuntu.com/security/CVE-2023-5536 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.0 |
References | () https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 - Issue Tracking, Vendor Advisory | |
References | () https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 - Third Party Advisory | |
References | () https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 - Vendor Advisory | |
References | () https://ubuntu.com/security/CVE-2023-5536 - Vendor Advisory |
18 Dec 2023, 20:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.4 |
CPE | cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:* | |
CWE | CWE-276 | |
References | () https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 - Vendor Advisory | |
References | () https://ubuntu.com/security/CVE-2023-5536 - Vendor Advisory | |
References | () https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 - Issue Tracking, Vendor Advisory | |
References | () https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 - Third Party Advisory |
12 Dec 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 02:15
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5536
Mitre link : CVE-2023-5536
CVE.ORG link : CVE-2023-5536
JSON object : View
Products Affected
canonical
- ubuntu_linux
CWE
CWE-276
Incorrect Default Permissions