CVE-2023-5536
MEDIUM
5,0
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: high
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 90 Days)
276
Incorrect Default Permissions
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Potential Impacts:
Read Application Data
Modify Application Data
Applicable Platforms
Technologies:
Not Technology-Specific, ICS/OT
Operating System
Ubuntu Linux by Canonical
Version Range Affected
To
24.04
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
https://ubuntu.com/security/CVE-2023-5536
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
https://ubuntu.com/security/CVE-2023-5536